/[smeserver]/rpms/sudo/sme9/sudo.spec
ViewVC logotype

Annotation of /rpms/sudo/sme9/sudo.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sat Feb 6 20:26:20 2021 UTC (3 years, 9 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, HEAD
Changes since 1.1: +7 -2 lines
* Thu Feb 04 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.8.6p3-30.sme
- fix CVE-2021-3156 [SME: 11339]

1 jpp 1.1 Summary: Allows restricted root access for specified users
2     Name: sudo
3     Version: 1.8.6p3
4 jpp 1.2 Release: 30%{?dist}
5 jpp 1.1 License: ISC
6     Group: Applications/System
7     URL: http://www.courtesan.com/sudo/
8     Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
9     Source1: sudo-1.8.6p3-sudoers
10     Source2: sudo-1.7.4p5-sudo-ldap.conf
11     Source3: sudo-1.8.6p3-sudo.conf
12     Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
13     Requires: /etc/pam.d/system-auth, vim-minimal
14    
15     BuildRequires: pam-devel
16     BuildRequires: groff
17     BuildRequires: openldap-devel
18     BuildRequires: flex
19     BuildRequires: bison
20     BuildRequires: automake autoconf libtool
21     BuildRequires: audit-libs-devel libcap-devel
22     BuildRequires: libselinux-devel
23     BuildRequires: sendmail
24     BuildRequires: zlib-devel
25     BuildRequires: tzdata
26    
27     # don't strip
28     Patch1: sudo-1.6.7p5-strip.patch
29     # configure.in fix
30     Patch2: sudo-1.7.2p1-envdebug.patch
31     # show the editor being executed by `sudo -e' in audit messages
32     Patch3: sudo-1.8.6p3-auditeditor.patch
33     # fix manpage typo (#726634)
34     Patch4: sudo-1.8.6p3-mantypo.patch
35     # correct SELinux handling in sudoedit mode (#697775)
36     Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
37     # [RFE] Fix visudo -s to be backwards compatible (#604297)
38     Patch6: sudo-1.8.6p3-aliaswarnonly.patch
39     # log failed user role changes (#665131)
40     Patch7: sudo-1.8.6p3-auditrolechange.patch
41     # 840980 - sudo creates a new parent process
42     # Adds cmnd_no_wait Defaults option
43     Patch8: sudo-1.8.6p3-nowaitopt.patch
44     # Do not inform the user that the command was not permitted by the
45     # policy if they do not successfully authenticate.
46     Patch9: sudo-1.8.6p3-noauthwarn-regression.patch
47     # 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
48     Patch10: sudo-1.8.6p3-emallocfail.patch
49     # 876208 - sudoRunAsUser #uid specification doesn't work
50     Patch11: sudo-1.8.6p3-ldap-sssd-usermatch.patch
51     # 879675 - sudo parse ldap.conf incorrectly
52     Patch12: sudo-1.8.6p3-ldapconfparse.patch
53     # 879633 - sudo + sssd + local user sends e-mail to administrator
54     Patch13: sudo-1.8.6p3-sssd-noise.patch
55     # 903020 - sudoers containing specially crafted aliases causes segfault of visudo
56     Patch14: sudo-1.8.6p3-cyclesegv.patch
57     # 856901 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
58     Patch15: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
59     # 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
60     Patch16: sudo-1.8.6p3-nprocfix.patch
61     # 886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
62     Patch17: sudo-1.8.6p3-strictuidgid.patch
63     # 994563 - Warning in visudo: cycle in Host_Alias even without cycle
64     Patch18: sudo-1.8.6p3-cycledetect.patch
65     # 848111 - Improve error message
66     Patch19: sudo-1.8.6p3-netgrmatchtrace.patch
67     # 994626 - sudo -u <user> sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size
68     Patch20: sudo-1.8.6p3-lbufexpandcode.patch
69     # 973228 - RHEL6 sudo logs username "root" instead of realuser in /var/log/secure
70     Patch21: sudo-1.8.6p3-logsudouser.patch
71     # 880150 - sssd +netgroup sudoUser is always matched
72     Patch22: sudo-1.8.6p3-sssdfixes.patch
73     # 853542 - sudo should use ipa_hostname in IPA backend when defined
74     Patch23: sudo-1.8.6p3-ipahostname.patch
75     # 1015355 - CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 sudo: various flaws
76     # upstream ref: 2f3225a2a4a4 049a12a5cc14 ebd6cc75020f
77     Patch24: sudo-1.8.6p3-CVE-2013-2777_2776_1775.patch
78     # 1065415 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
79     Patch25: sudo-1.8.6p3-sesharg0fix.patch
80     # 1078338 - sudo does not handle the "(none)" string, when no domainname is set, which breaks when nscd is enabled
81     Patch26: sudo-1.8.6p3-nonehostname.patch
82     # 1052940 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
83     Patch27: sudo-1.8.6p3-doublequotefix.patch
84     # 1083064 - With sudo-1.8.6p3-12.el6.x86_64 version, If a sudo rules contains +netgroup in sudoUser attribute it result in access denied
85     # 1006463 - sudo -U <user> listing shows incorrect list when sssd is used.
86     Patch28: sudo-1.8.6p3-netgrfilterfix.patch
87     # 1006447 - sudo -ll does not list the rule names when sssd is used.
88     Patch29: sudo-1.8.6p3-sssdrulenames.patch
89     # 1070952 - pam_faillock causes sudo to lock user when user aborts password prompt
90     Patch30: sudo-1.8.6p3-authinterrupt.patch
91     # Fix compiler warnings about discarting const qualifiers
92     Patch31: sudo-1.8.6p3-constwarnfix.patch
93     # 1138267 - sudoers.ldap man page has typos in description
94     Patch32: sudo-1.8.6p3-mantypos-ldap.patch
95     # 1147498 - duplicate sss module in nsswitch breaks sudo
96     Patch33: sudo-1.8.6p3-nssdupfix.patch
97     # 1138581 - sudo with sssd doesn't work correctly with sudoOrder option
98     Patch34: sudo-1.8.6p3-sudoorderfix.patch
99     # 1142122 - sudo option mail_no_user doesn't work
100     Patch35: sudo-1.8.6p3-ldapusermatchfix.patch
101     # 1094548 - sudo - cmnd_no_wait can cause child processes to ignore SIGPIPE
102     Patch36: sudo-1.8.6p3-sigpipefix.patch
103     # 1144448 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
104     Patch37: sudo-1.8.6p3-authlogicfix.patch
105     # 1200253 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-6.7]
106     Patch38: sudo-1.8.6p3-CVE-2014-9680.patch
107     # 1075836 - Sudo taking a long time when user information is stored externally.
108     Patch39: sudo-1.8.6p3-legacy-group-processing.patch
109     # 1241896 - [RFE] Implement sudoers option to change netgroup processing semantics
110     Patch40: sudo-1.8.6p3-netgroup_tuple.patch
111     # 1248695 - sudo segfault segfault at 8 i error 4 in sudoers.so
112     Patch41: sudo-1.8.6p3-seqfault-null-group-list.patch
113     # 1197885 - visudo ignores -q flag
114     Patch42: sudo-1.8.6p3-visudo-quiet-flag.patch
115     # 1247231 - [RFE] Backport pam_service and pam_login_service sudoers options from sudo 1.8.8
116     Patch43: sudo-1.8.6p3-pam_servicebackport.patch
117     # 1144422 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
118     Patch44: sudo-1.8.6p3-strunquote.patch
119     # 1279447 - sudo command throwing error when defaults records are added in ldap based on sudoers2ldif generated ldif
120     Patch45: sudo-1.8.6p3-ldap_sssd_parse_whitespaces.patch
121     # 1135531 - sudo with ldap doesn't work with 'user id' in sudoUser option
122     Patch46: sudo-1.8.6p3-ldapsearchuidfix.patch
123     # 1220480 - sudo option mail_no_user doesn't work with sssd provider
124     Patch47: sudo-1.8.6p3-sssd-mailfix.patch
125     # 1284886 - getcwd failed, resulting in Null pointer exception
126     Patch48: sudo-1.8.6p3-null_exception.patch
127     # 1309976 - closefrom_override sudo option not working
128     Patch49: sudo-1.8.6p7-closefrom-override-fix.patch
129     # 1312481 - non-root user can list privileges of other users
130     Patch50: sudo-1.8.6p3-unprivileged-list-fix.patch
131     # 1330001 - Fix sudo log file wrong group ownership
132     Patch51: sudo-1.8.6p3-loggingperms.patch
133     # 1374410 - Fix "sudo -l command" in the LDAP and SSS backends when the command is not allowed.
134     Patch52: sudo-1.8.6p3-ldap-sssd-notallowedcmnd.patch
135     # 1318374 - Fix sudo parsing sudoers with user's locale
136     Patch53: sudo-1.8.6p3-sudoerslocale.patch
137     # 1365156 - Fix race condition when creating /var/log/sudo-io direcotry
138     Patch54: sudo-1.8.6p3-iologracecondition.patch
139     # 1391938 - CVE-2016-7032 CVE-2016-7076 sudo: various flaws [rhel-6.9]
140     Patch55: sudo-1.8.6p3-noexec-update.patch
141     # 1455399 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-6.9.z]
142     Patch56: sudo-1.8.6p3-tty-parsing.patch
143     # 1459408 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) [rhel-6.9.z]
144     Patch57: sudo-1.8.6p7-CVE-2017-1000368.patch
145 jpp 1.2 # 1917729 - EMBARGOED CVE-2021-3156 sudo: Heap-buffer overflow in argument parsing [rhel-7.9.z]
146     Patch58: sudo-1.8.6p3-CVE-2021-3156.patch
147 jpp 1.1
148     %description
149     Sudo (superuser do) allows a system administrator to give certain
150     users (or groups of users) the ability to run some (or all) commands
151     as root while logging all commands and arguments. Sudo operates on a
152     per-command basis. It is not a replacement for the shell. Features
153     include: the ability to restrict what commands a user may run on a
154     per-host basis, copious logging of each command (providing a clear
155     audit trail of who did what), a configurable timeout of the sudo
156     command, and the ability to use the same configuration file (sudoers)
157     on many different machines.
158    
159     %package devel
160     Summary: Development files for %{name}
161     Group: Development/Libraries
162     Requires: %{name} = %{version}-%{release}
163    
164     %description devel
165     The %{name}-devel package contains header files developing sudo
166     plugins that use %{name}.
167    
168     %prep
169     %setup -q
170    
171     %patch1 -p1 -b .strip
172     %patch2 -p1 -b .envdebug
173     %patch3 -p1 -b .auditeditor
174     %patch4 -p1 -b .mantypo
175     %patch5 -p1 -b .sudoedit-selinux
176     %patch6 -p1 -b .aliaswarnonly
177     %patch7 -p1 -b .auditrolechange
178     %patch8 -p1 -b .nowaitopt
179     %patch9 -p1 -b .noauthwarn
180     %patch10 -p1 -b .emallocfail
181     %patch11 -p1 -b .ldap-sssd-usermatch
182     %patch12 -p1 -b .ldapconfparse
183     %patch13 -p1 -b .sssd-noise
184     %patch14 -p1 -b .cyclesegv
185     %patch15 -p1 -b .ALL-with-negation-manupdate
186     %patch16 -p1 -b .nprocfix
187     %patch17 -p1 -b .strictuidgid
188     %patch18 -p1 -b .cycledetect
189     %patch19 -p1 -b .netgrmatchtrace
190     %patch20 -p1 -b .lbufexpandcode
191     %patch21 -p1 -b .logsudouser
192     %patch22 -p1 -b .sssdfixes
193     %patch23 -p1 -b .ipahostname
194     %patch24 -p1 -b .CVE-2013-2777_2776_1775
195     %patch25 -p1 -b .sesharg0fix
196     %patch26 -p1 -b .nonehostname
197     %patch27 -p1 -b .doublequotefix
198     %patch28 -p1 -b .netgrfilterfix
199     %patch29 -p1 -b .sssdrulenames
200     %patch30 -p1 -b .authinterrupt
201     %patch31 -p1 -b .constwarnfix
202     %patch32 -p1 -b .mantypos-ldap
203     %patch33 -p1 -b .nssdupfix
204     %patch34 -p1 -b .sudoorderfix
205     %patch35 -p1 -b .ldapusermatchfix
206     %patch36 -p1 -b .sigpipefix
207     %patch37 -p1 -b .authlogicfix
208     %patch38 -p1 -b .CVE-2014-9680
209     %patch39 -p1 -b .legacy-group-processing
210     %patch40 -p1 -b .netgroup_tuple
211     %patch41 -p1 -b .segfault-null-group-list
212     %patch42 -p1 -b .visudo-quiet-flag
213     %patch43 -p1 -b .pam_servicebackport
214     %patch44 -p1 -b .strunquote
215     %patch45 -p1 -b .rmwhitespaces
216     %patch46 -p1 -b .ldapsearchuidfix
217     %patch47 -p1 -b .mailfix
218     %patch48 -p1 -b .nullexception
219     %patch49 -p1 -b .closefrom-override-fix
220     %patch50 -p1 -b .unprivileged-list-fix
221     %patch51 -p1 -b .loggingperms
222     %patch52 -p1 -b .ldap-sssd-notallowedcmnd
223     %patch53 -p1 -b .sudoerslocale
224     %patch54 -p1 -b .iologracecondition
225     %patch55 -p1 -b .noexec-update
226     %patch56 -p1 -b .tty-parsing
227     %patch57 -p1 -b .CVE-2017-1000368
228 jpp 1.2 %patch58 -p1 -b .heap-buffer
229 jpp 1.1
230     %build
231     autoreconf -I m4 -fv --install
232    
233     %ifarch s390 s390x sparc64
234     F_PIE=-fPIE
235     %else
236     F_PIE=-fpie
237     %endif
238    
239     export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
240    
241     %configure \
242     --prefix=%{_prefix} \
243     --sbindir=%{_sbindir} \
244     --libdir=%{_libdir} \
245     --docdir=%{_datadir}/doc/%{name}-%{version} \
246     --with-logging=syslog \
247     --with-logfac=authpriv \
248     --with-pam \
249     --with-pam-login \
250     --with-editor=/bin/vi \
251     --with-env-editor \
252     --with-ignore-dot \
253     --with-tty-tickets \
254     --with-ldap \
255     --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
256     --with-selinux \
257     --with-passprompt="[sudo] password for %p: " \
258     --with-linux-audit \
259     --with-sssd
260     # --without-kerb5 \
261     # --without-kerb4
262     make
263    
264     %install
265     rm -rf $RPM_BUILD_ROOT
266    
267     # Update README.LDAP (#736653)
268     sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
269    
270     make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
271     chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
272     install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
273     install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
274     install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
275     install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
276     install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
277    
278     # Remove execute permission on this script so we don't pull in perl deps
279     chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
280    
281     %find_lang sudo
282     %find_lang sudoers
283    
284     cat sudo.lang sudoers.lang > sudo_all.lang
285     rm sudo.lang sudoers.lang
286    
287     mkdir -p $RPM_BUILD_ROOT/etc/pam.d
288     cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
289     #%PAM-1.0
290     auth include system-auth
291     account include system-auth
292     password include system-auth
293     session optional pam_keyinit.so revoke
294     session required pam_limits.so
295     EOF
296    
297     cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
298     #%PAM-1.0
299     auth include sudo
300     account include sudo
301     password include sudo
302     session optional pam_keyinit.so force revoke
303     session required pam_limits.so
304     EOF
305    
306     %clean
307     rm -rf $RPM_BUILD_ROOT
308    
309     %files -f sudo_all.lang
310     %defattr(-,root,root)
311     %attr(0440,root,root) %config(noreplace) /etc/sudoers
312     %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
313     %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
314     %attr(0750,root,root) %dir /etc/sudoers.d/
315     %config(noreplace) /etc/pam.d/sudo
316     %config(noreplace) /etc/pam.d/sudo-i
317     %dir /var/db/sudo
318     %attr(4111,root,root) %{_bindir}/sudo
319     %attr(4111,root,root) %{_bindir}/sudoedit
320     %attr(0111,root,root) %{_bindir}/sudoreplay
321     %attr(0755,root,root) %{_sbindir}/visudo
322     %attr(0755,root,root) %{_libexecdir}/sesh
323     %{_libexecdir}/sudoers.*
324     %{_libexecdir}/sudo_noexec.*
325     %{_mandir}/man5/sudoers.5*
326     %{_mandir}/man5/sudoers.ldap.5*
327     %{_mandir}/man8/sudo.8*
328     %{_mandir}/man8/sudoedit.8*
329     %{_mandir}/man8/sudoreplay.8*
330     %{_mandir}/man8/visudo.8*
331     %{_docdir}/sudo-%{version}/*
332    
333    
334     # Make sure permissions are ok even if we're updating
335     %post
336     /bin/chmod 0440 /etc/sudoers || :
337    
338     %files devel
339     %defattr(-,root,root,-)
340     %doc plugins/sample/sample_plugin.c
341     %{_includedir}/sudo_plugin.h
342     %{_mandir}/man8/sudo_plugin.8*
343    
344     %changelog
345 jpp 1.2 * Thu Feb 04 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.8.6p3-30.sme
346     - fix CVE-2021-3156 [SME: 11339]
347    
348 jpp 1.1 * Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-29
349     - Fixes CVE-2017-1000368
350     Resolves: rhbz#1459408
351    
352     * Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-28
353     - Fixes CVE-2017-1000367
354     Resolves: rhbz#1455399
355    
356     * Thu Nov 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-27
357     - Update noexec syscall blacklist
358     - Fixes CVE-2016-7032 and CVE-2016-7076
359     Resolves: rhbz#1391938
360    
361     * Tue Oct 18 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-26
362     - RHEL-6.9 erratum
363     - Fix race condition when creating /var/log/sudo-io direcotry
364     Resolves: rhbz#1365156
365    
366     * Thu Oct 06 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-25
367     - RHEL-6.9 erratum
368     - Fix "sudo -l command" in the LDAP and SSS backends when the command
369     is not allowed.
370     Resolves: rhbz#1374410
371     - Fix sudo log file wrong group ownership
372     Resolves: rhbz#1330001
373     - Fix sudo parsing sudoers with user's locale
374     Resolves: rhbz#1318374
375    
376     * Tue Mar 01 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-24
377     - RHEL-6.8 erratum
378     - fixed a bug causing that non-root users can list privileges of
379     other users
380     Resolves: rhbz#1312481
381    
382     * Thu Feb 25 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-23
383     - RHEL-6.8 erratum
384     - fixed handling of closefrom_override defaults option
385     Resolves: rhbz#1309976
386    
387     * Wed Jan 20 2016 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-22
388     - RHEL-6.8 erratum
389     - fixed potential getcwd failure, resulting in Null pointer exception
390     Resolves: rhbz#1284886
391    
392     * Tue Dec 15 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
393     - RHEL-6.8 erratum
394     - fixed sssd's detection of user with zero rules
395     Resolves: rhbz#1220480
396    
397     * Mon Dec 14 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
398     - RHEL-6.8 erratum
399     - search also by user id when fetching rules from LDAP
400     Resolves: rhbz#1135531
401    
402     * Tue Dec 8 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
403     - RHEL-6.8 erratum
404     - fixed ldap's and sssd's sudoOption value and remove quotes
405     - fixed ldap's and sssd's sudoOption whitespaces parse problem
406     Resolves: rhbz#1144422
407     Resolves: rhbz#1279447
408    
409     * Tue Dec 8 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
410     - RHEL-6.8 erratum
411     - removed defaults option requiretty from /etc/sudoers
412     - backported pam_service and pam_login_service defaults options
413     - implemented a new defaults option for changing netgroup processing
414     semantics
415     - fixed visudo's quiet cli option
416     Resolves: rhbz#1248695
417     Resolves: rhbz#1247231
418     Resolves: rhbz#1241896
419     Resolves: rhbz#1197885
420     Resolves: rhbz#1233205
421    
422     * Wed Jul 29 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-20
423     - added patch to re-introduce old group processing behaviour
424     Resolves: rhbz#1075836
425    
426     * Tue May 05 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-19
427     - RHEL-6.7 erratum
428     - modified the authlogicfix patch to fix #1144448
429     - fixed a bug in the ldapusermatchfix patch
430     Resolves: rhbz#1144448
431     Resolves: rhbz#1142122
432    
433     * Thu Apr 16 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-18
434     - RHEL-6.7 erratum
435     - fixed the mantypos-ldap.patch
436     Resolves: rhbz#1138267
437    
438     * Tue Mar 31 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-17
439     - RHEL-6.7 erratum
440     - added patch for CVE-2014-9680
441     - added BuildRequires for tzdata
442     Resolves: rhbz#1200253
443    
444     * Wed Mar 4 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-16
445     - RHEL-6.7 erratum
446     - added zlib-devel build required to enable zlib compression support
447     - fixed two typos in the sudoers.ldap man page
448     - fixed a hang when duplicate nss entries are specified in nsswitch.conf
449     - SSSD: implemented sorting of the result entries according to the
450     sudoOrder attribute
451     - LDAP: fixed logic handling the computation of the "user matched" flag
452     - fixed restoring of the SIGPIPE signal in the tgetpass function
453     - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD
454     Resolves: rhbz#1106433
455     Resolves: rhbz#1138267
456     Resolves: rhbz#1147498
457     Resolves: rhbz#1138581
458     Resolves: rhbz#1142122
459     Resolves: rhbz#1094548
460     Resolves: rhbz#1144448
461    
462     * Thu Jul 31 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-15
463     - RHEL-6.6 erratum
464     - SSSD: dropped the ipahostnameshort patch, as it is not
465     needed. rhbz#1033703 is a configuration issue.
466     Related: rhbz#1033703
467    
468     * Wed Jul 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-14
469     - RHEL-6.6 erratum
470     - SSSD: fixed netgroup filter patch
471     - SSSD: dropped serparate patch for #1006463, the fix is now part
472     of the netgroup filter patch
473     Resolves: rhbz#1006463
474     Resolves: rhbz#1083064
475    
476     * Mon May 19 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-13
477     - RHEL-6.6 erratum
478     - don't retry authentication when ctrl-c pressed
479     - fix double-quote processing in Defaults options
480     - fix sesh login shell argv[0]
481     - handle the "(none)" hostname correctly
482     - SSSD: fix ipa_hostname handling
483     - SSSD: fix sudoUser netgroup specification filtering
484     - SSSD: list correct user when -U <user> -l specified
485     - SSSD: show rule names on long listing (-ll)
486     Resolves: rhbz#1065415
487     Resolves: rhbz#1078338
488     Resolves: rhbz#1052940
489     Resolves: rhbz#1083064
490     Resolves: rhbz#1033703
491     Resolves: rhbz#1006447
492     Resolves: rhbz#1006463
493     Resolves: rhbz#1070952
494    
495     * Mon Oct 7 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-12
496     - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776
497     Resolves: rhbz#1015355
498    
499     * Thu Sep 5 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-11
500     - sssd: fixed a bug in ipa_hostname processing
501     Resolves: rhbz#853542
502    
503     * Thu Aug 15 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-10
504     - sssd: fixed buffer size for the ipa_hostname value
505     Resolves: rhbz#853542
506    
507     * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-9
508     - sssd: match against ipa_hostname from sssd.conf too when
509     checking sudoHost
510     Resolves: rhbz#853542
511    
512     * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-8
513     - updated man-page
514     - fixed handling of RLIMIT_NPROC resource limit
515     - fixed alias cycle detection code
516     - added debug messages for tracing of netgroup matching
517     - fixed aborting on realloc when displaying allowed commands
518     - show the SUDO_USER in logs, if running commands as root
519     - sssd: filter netgroups in the sudoUser attribute
520     Resolves: rhbz#856901
521     Resolves: rhbz#947276
522     Resolves: rhbz#886648
523     Resolves: rhbz#994563
524     Resolves: rhbz#848111
525     Resolves: rhbz#994626
526     Resolves: rhbz#973228
527     Resolves: rhbz#880150
528    
529     * Wed Jan 23 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-7
530     - fixed potential stack overflow in visudo
531     Resolves: rhbz#903020
532    
533     * Thu Nov 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-6
534     - added patches to address a number of issues in ldap & sssd plugins
535     - fixed README.LDAP updating in the spec file
536     Resolves: rhbz#860397
537     Resolves: rhbz#876208
538     Resolves: rhbz#876578
539     Resolves: rhbz#879675
540     Resolves: rhbz#879633
541    
542     * Wed Nov 07 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-5
543     - Include just one sample plugin in the documentation for the -devel
544     subpackage. Don't include architecture specific files.
545     - patch: Do not inform the user that the command was not permitted by
546     the policy if they do not successfully authenticate.
547     Resolves: rhbz#759480
548     Resolves: rhbz#871303
549     Resolves: rhbz#872740
550    
551     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-4
552     - removed %doc since sudo installs the files anyway
553     Resolves: rhbz#759480
554    
555     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-3
556     - added SHLIB_MODE=755 to get striping to work again
557     Resolves: rhbz#759480
558    
559     * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
560     - extended the default sudo-ldap.conf file
561     - corrected default file permissions on sudo.conf, sudo-ldap.conf
562     - added patch that introduces the cmnd_no_wait Defaults option
563     Resolves: rhbz#840980 - sudo creates a new parent process
564     Resolves: rhbz#860397 - new /etc/sudo-ldap.conf configuration file problems
565    
566     * Mon Sep 24 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
567     - rebase to 1.8.6p3
568     - new -devel subpackage
569     - new configuration file: /etc/sudo.conf
570     Resolves: rhbz#852045 - ulimit -c got Operation not permitted
571     Resolves: rhbz#804123 - sudo does not call pam_close_session() or pam_end()
572     Resolves: rhbz#828707 - sudo fails to report error correctly when execv(3) fails
573     Resolves: rhbz#844691 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
574     Resolves: rhbz#759480 - Rebase sudo to 1.8 in RHEL 6.4
575     Resolves: rhbz#846117 - Sudo interpretation of wildcard command arguments is more lenient providing a security risk
576     Resolves: rhbz#789937 - [RFE] Add ability to treat files authoritatively in sudoers.ldap
577     Resolves: rhbz#836242 - sudo -s -u USERNAME can't change ulimit -c
578    
579     * Tue Jul 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-13
580     - fixed job control
581     Resolves: rhbz#823993
582    
583     * Fri Jun 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-12
584     - added patch for CVE-2012-2337
585     Resolves: rhbz#829757
586    
587     * Wed May 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-11
588     - use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK (#821976)
589     Resolves: rhbz#821976
590    
591     * Fri May 04 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10.1
592     - backported ldap code modifications that fix an issue with tls_checkpeer (#810372)
593     Resolves: rhbz#810372
594    
595     * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10
596     - fixed bug in Runas_Spec group matching (#810147)
597     - disable `sudo -l' output word wrapping if the output
598     is piped (#810326)
599     - fixed `sudo -i' command escaping (#806095)
600     Resolves: rhbz#806095
601     Resolves: rhbz#810147
602     Resolves: rhbz#810326
603    
604     * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-9
605     - fixed uninitialized value warning introduced with the sudoedit-selinux patch
606     Resolves: rhbz#806386
607    
608     * Thu Mar 01 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-8
609     - created a separate ldap configuration file, sudo-ldap.conf
610     - visudo: mark unused aliases as warnings, not errors
611     - backported signal handling from 1.7.5
612     - don't disable coredumping from the code, rely on /proc/sys/fs/suid_dumpable
613     - use correct SELinux context when editing files with sudoedit
614     - fixed visudo syntax checks
615     - fixed typos and inconsistencies in documentation
616     - switched to an updated -getgrouplist patch to fix sudo -l -U <user> behavior
617     Resolves: rhbz#760843
618     Resolves: rhbz#736030
619     Resolves: rhbz#697775
620     Resolves: rhbz#726634
621     Resolves: rhbz#708515
622     Resolves: rhbz#736653
623     Resolves: rhbz#667120
624     Resolves: rhbz#769701
625     Resolves: rhbz#751680
626     Resolves: rhbz#604297
627     Resolves: rhbz#797511
628    
629     * Thu Jul 21 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-7
630     - set ldap configuration file to nslcd.conf
631     Resolves: rhbz#709235
632    
633     * Thu Jul 14 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-6
634     - removed the --with-ldap-*conf options
635     - added RELRO flags
636     Resolves: rhbz#709235
637     Resolves: rhbz#709859
638    
639     * Tue Apr 19 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-5
640     - patch: log failed user role changes
641     Resolves: rhbz#665131
642    
643     * Wed Mar 23 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
644     - added #includedir /etc/sudoers.d to sudoers
645     Resolves: rhbz#615087
646    
647     * Tue Mar 22 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-3
648     - added !visiblepw option to sudoers
649     Resolves: rhbz#688640
650    
651     * Fri Feb 4 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
652     - added patch for rhbz#665131
653     Resolves: rhbz#665131
654    
655     * Thu Jan 13 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-1
656     - rebase to latest stable version
657     - sudo now uses /var/db/sudo for timestamps
658     - new command available: sudoreplay
659     - use native audit support
660     - sync configuration paths with the nss_ldap package
661     Resolves: rhbz#615087
662     Resolves: rhbz#652726
663     Resolves: rhbz#634159
664     Resolves: rhbz#603823
665    
666     * Wed Sep 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-9
667     - added patch for CVE-2010-2956 (#628628)
668     Resolves: rhbz#629054
669    
670     * Tue Aug 03 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-8
671     - sudoers change: always set $HOME to the target user home directory
672     Resolves: rhbz#619293
673    
674     * Thu Jul 15 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-7
675     - move the sudo_end* calls before closefrom()
676     - close audit_fd before exec
677     - fixed typo in Makefile.in
678     Resolves: rhbz#569313
679    
680     * Tue Jun 8 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-6
681     - fixed segfault when #include directive is used in cycles
682     Resolves: rhbz#598363
683    
684     * Tue Jun 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
685     - added patch that fixes insufficient environment sanitization issue (#598154)
686     Resolves: rhbz#598383
687    
688     * Tue Apr 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
689     - added second patch for CVE-2010-0426 (#580441)
690     Resolves: rhbz#580527
691    
692     * Wed Feb 24 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
693     - added patch for CVE-2010-0426 (#567337)
694     Resolves: rhbz#567675
695    
696     * Wed Jan 27 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-2
697     - changed the License: value to ISC
698     Related: rhbz#543948
699    
700     * Wed Jan 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
701     - new upstream version
702     Resolves: rhbz#554321
703     - drop *.pod man page duplicates from docs
704     - commented out unused aliases in sudoers to make visudo happy (#550239)
705    
706     * Tue Jan 12 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.1-8
707     - Rebuild for new libaudit
708     Related: rhbz#543948
709    
710     * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
711     - rebuilt with new audit
712    
713     * Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
714     - moved secure_path from compile-time option to sudoers file (#517428)
715    
716     * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
717     - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
718    
719     * Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
720     - moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
721     - epoch number sync
722    
723     * Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
724     - updated sudo to version 1.7.1
725     - fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
726    
727     * Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
728     - fixed building with new libtool
729     - fix for incorrect handling of groups in Runas_User
730     - added /usr/local/sbin to secure-path
731    
732     * Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
733     - build with sendmail installed
734     - Added /usr/local/bin to secure-path
735    
736     * Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
737     - adjust audit patch, do not scream when kernel is
738     compiled without audit netlink support (#401201)
739    
740     * Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
741     - upgrade
742    
743     * Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
744     - build with newer autoconf-2.62 (#449614)
745    
746     * Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
747     - compiled with secure path (#80215)
748    
749     * Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
750     - fix path to updatedb in /etc/sudoers (#445103)
751    
752     * Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
753     - include ldap files in rpm package (#439506)
754    
755     * Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
756     - include [sudo] in password prompt (#437092)
757    
758     * Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
759     - audit support improvement
760    
761     * Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
762     - upgrade to the latest upstream release
763    
764     * Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
765     - upgrade to the latest upstream release
766     - add selinux support
767    
768     * Mon Feb 02 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
769     - sparc64 needs to be in the -fPIE list with s390
770    
771     * Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
772     - fix complains about audit_log_user_command(): Connection
773     refused (#401201)
774    
775     * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
776     - Rebuild for deps
777    
778     * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
779     - Rebuild for openssl bump
780    
781     * Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
782     - fix autotools stuff and add audit support
783    
784     * Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
785     - upgrade to upstream release
786    
787     * Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
788     - also use getgrouplist() to determine group membership (#235915)
789    
790     * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
791     - fix some spec file issues
792    
793     * Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
794     - fix rpmlint issue
795    
796     * Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
797     - fix typo in sudoers file (#212308)
798    
799     * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
800     - rebuilt for unwind info generation, broken in gcc-4.1.1-21
801    
802     * Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
803     - fix sudoers file, X apps didn't work (#206320)
804    
805     * Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
806     - use Red Hat specific default sudoers file
807    
808     * Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
809     - fix #198755 - make login processes (sudo -i) initialise session keyring
810     (thanks for PAM config files to David Howells)
811     - add IPv6 support (patch by Milan Zazrivec)
812    
813     * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
814     - rebuild
815    
816     * Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
817     - fix #190062 - "ssh localhost sudo su" will show the password in clear
818    
819     * Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
820     - add LDAP support (#170848)
821    
822     * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
823     - bump again for double-long bug on ppc(64)
824    
825     * Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
826     - reset env. by default
827    
828     * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
829     - rebuilt for new gcc4.1 snapshot and glibc changes
830    
831     * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
832     - Remove selinux patch. It has been decided that the SELinux patch for sudo is
833     - no longer necessary. In tageted policy it had no effect. In strict/MLS policy
834     - We require the person using sudo to execute newrole before using sudo.
835    
836     * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
837     - rebuilt
838    
839     * Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
840     - new upstream version 1.6.8p12
841    
842     * Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
843     - new upstream version 1.6.8p11
844    
845     * Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
846     - use include instead of pam_stack in pam config
847    
848     * Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
849     - enable interfaces in selinux patch
850     - merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
851    
852     * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
853     - fix debuginfo
854    
855     * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
856     - fix #162623 - sesh hangs when child suspends
857    
858     * Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
859     - Add back in interfaces call, SELinux has been fixed to work around
860    
861     * Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
862     - new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
863    
864     * Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
865     - fix #154511 - sudo does not use limits.conf
866    
867     * Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
868     - new version 1.6.8p8: new sudoedit and sudo_noexec
869    
870     * Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
871     - rebuild
872    
873     * Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
874     - added missing BuildRequires for libselinux-devel (#132883)
875    
876     * Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
877     - Fix missing param error in sesh
878    
879     * Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
880     - Remove full patch check from sesh
881    
882     * Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
883     - Fix selinux patch to switch to root user
884    
885     * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
886     - rebuilt
887    
888     * Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
889     - Eliminate tty handling from selinux
890    
891     * Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
892     - fixed spec file: sesh in file section with selinux flag (#119682)
893    
894     * Thu Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
895     - Enhance sesh.c to fork/exec children itself, to avoid
896     having sudo reap all domains.
897     - Only reinstall default signal handlers immediately before
898     exec of child with SELinux patch
899    
900     * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
901     - change to default to sysadm_r
902     - Fix tty handling
903    
904     * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
905     - Add /bin/sesh to run selinux code.
906     - replace /bin/bash -c with /bin/sesh
907    
908     * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
909     - Hard code to use "/bin/bash -c" for selinux
910    
911     * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
912     - Eliminate closing and reopening of terminals, to match su.
913    
914     * Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
915     - SELinux fixes to make transitions work properly
916    
917     * Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
918     - pied sudo
919    
920     * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
921     - rebuilt
922    
923     * Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
924     - Eliminate interfaces call, since this requires big SELinux privs
925     - and it seems to be useless.
926    
927     * Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
928     - visudo requires vim-minimal or setting EDITOR to something useful (#68605)
929    
930     * Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
931     - Fix is_selinux_enabled call
932    
933     * Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
934     - Clean up patch on failure
935    
936     * Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
937     - Remove sudo.te for now.
938    
939     * Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
940     - Fix usage message
941    
942     * Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
943     - Clean up sudo.te to not blow up if pam.te not present
944    
945     * Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
946     - added missing BuildRequires for groff
947    
948     * Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
949     - remove left-over debugging code
950    
951     * Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
952     - Fix terminal handling that caused Sudo to exit on non selinux machines.
953    
954     * Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
955     - Remove sudo_var_run_t which is now pam_var_run_t
956    
957     * Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
958     - Fix terminal handling and policy
959    
960     * Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
961     - Fix policy
962    
963     * Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
964     - Turn on SELinux support
965    
966     * Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
967     - Add support for SELinux
968    
969     * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
970     - rebuilt
971    
972     * Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
973    
974     * Wed Jan 22 2003 Tim Powers <timp@redhat.com>
975     - rebuilt
976    
977     * Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
978     - remove absolute path names from the PAM configuration, ensuring that the
979     right modules get used for whichever arch we're built for
980     - don't try to install the FAQ, which isn't there any more
981    
982     * Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
983     - update to 1.6.6
984    
985     * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
986     - automated rebuild
987    
988     * Thu May 23 2002 Tim Powers <timp@redhat.com>
989     - automated rebuild
990    
991     * Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
992     - Fix bug #63768
993    
994     * Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
995     - 1.6.5p2
996    
997     * Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
998     - 1.6.5p1
999     - Hope this "a new release per day" madness stops ;)
1000    
1001     * Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
1002     - 1.6.5
1003    
1004     * Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1005     - 1.6.4p1
1006    
1007     * Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1008     - Update to 1.6.4
1009    
1010     * Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1011     - Add build requirements (#49706)
1012     - s/Copyright/License/
1013     - bzip2 source
1014    
1015     * Sat Jun 16 2001 Than Ngo <than@redhat.com>
1016     - update to 1.6.3p7
1017     - use %%{_tmppath}
1018    
1019     * Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1020     - 1.6.3p6, fixes buffer overrun
1021    
1022     * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1023     - 1.6.3p5
1024    
1025     * Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1026     - automatic rebuild
1027    
1028     * Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1029     - fixed owner of sudo and visudo
1030    
1031     * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
1032     - modify PAM setup to use system-auth
1033     - clean up buildrooting by using the makeinstall macro
1034    
1035     * Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1036     - initial build in main distrib
1037     - update to 1.6.3
1038     - deal with compressed man pages
1039    
1040     * Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1041     - updated to 1.6.1 for Powertools 6.2
1042     - config files are now noreplace.
1043    
1044     * Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1045     - updated to 1.5.9p2 for Powertools 6.1
1046    
1047     * Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1048     - sudo is configured with pam. There's no pam.d file. Oops.
1049    
1050     * Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1051     - upgraded to 1.59p1 for powertools 6.0
1052    
1053     * Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1054     - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1055    
1056     * Fri Oct 08 1998 Michael Maher <mike@redhat.com>
1057     - built package for 5.2
1058    
1059     * Mon May 18 1998 Michael Maher <mike@redhat.com>
1060     - updated SPEC file
1061    
1062     * Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1063     - updated to 1.5.4
1064    
1065     * Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1066     - built for glibc, no problems
1067    
1068     * Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1069     - Fixed for 4.2 PowerTools
1070     - Still need to be pamified
1071     - Still need to move stmp file to /var/log
1072    
1073     * Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1074     - First version for PowerCD.
1075    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed