/[smeserver]/rpms/sudo/sme9/sudo.spec
ViewVC logotype

Contents of /rpms/sudo/sme9/sudo.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Feb 4 19:44:49 2021 UTC (3 years, 9 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-29_el6_9
Sudo

1 Summary: Allows restricted root access for specified users
2 Name: sudo
3 Version: 1.8.6p3
4 Release: 29%{?dist}
5 License: ISC
6 Group: Applications/System
7 URL: http://www.courtesan.com/sudo/
8 Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
9 Source1: sudo-1.8.6p3-sudoers
10 Source2: sudo-1.7.4p5-sudo-ldap.conf
11 Source3: sudo-1.8.6p3-sudo.conf
12 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
13 Requires: /etc/pam.d/system-auth, vim-minimal
14
15 BuildRequires: pam-devel
16 BuildRequires: groff
17 BuildRequires: openldap-devel
18 BuildRequires: flex
19 BuildRequires: bison
20 BuildRequires: automake autoconf libtool
21 BuildRequires: audit-libs-devel libcap-devel
22 BuildRequires: libselinux-devel
23 BuildRequires: sendmail
24 BuildRequires: zlib-devel
25 BuildRequires: tzdata
26
27 # don't strip
28 Patch1: sudo-1.6.7p5-strip.patch
29 # configure.in fix
30 Patch2: sudo-1.7.2p1-envdebug.patch
31 # show the editor being executed by `sudo -e' in audit messages
32 Patch3: sudo-1.8.6p3-auditeditor.patch
33 # fix manpage typo (#726634)
34 Patch4: sudo-1.8.6p3-mantypo.patch
35 # correct SELinux handling in sudoedit mode (#697775)
36 Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
37 # [RFE] Fix visudo -s to be backwards compatible (#604297)
38 Patch6: sudo-1.8.6p3-aliaswarnonly.patch
39 # log failed user role changes (#665131)
40 Patch7: sudo-1.8.6p3-auditrolechange.patch
41 # 840980 - sudo creates a new parent process
42 # Adds cmnd_no_wait Defaults option
43 Patch8: sudo-1.8.6p3-nowaitopt.patch
44 # Do not inform the user that the command was not permitted by the
45 # policy if they do not successfully authenticate.
46 Patch9: sudo-1.8.6p3-noauthwarn-regression.patch
47 # 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
48 Patch10: sudo-1.8.6p3-emallocfail.patch
49 # 876208 - sudoRunAsUser #uid specification doesn't work
50 Patch11: sudo-1.8.6p3-ldap-sssd-usermatch.patch
51 # 879675 - sudo parse ldap.conf incorrectly
52 Patch12: sudo-1.8.6p3-ldapconfparse.patch
53 # 879633 - sudo + sssd + local user sends e-mail to administrator
54 Patch13: sudo-1.8.6p3-sssd-noise.patch
55 # 903020 - sudoers containing specially crafted aliases causes segfault of visudo
56 Patch14: sudo-1.8.6p3-cyclesegv.patch
57 # 856901 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
58 Patch15: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
59 # 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
60 Patch16: sudo-1.8.6p3-nprocfix.patch
61 # 886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
62 Patch17: sudo-1.8.6p3-strictuidgid.patch
63 # 994563 - Warning in visudo: cycle in Host_Alias even without cycle
64 Patch18: sudo-1.8.6p3-cycledetect.patch
65 # 848111 - Improve error message
66 Patch19: sudo-1.8.6p3-netgrmatchtrace.patch
67 # 994626 - sudo -u <user> sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size
68 Patch20: sudo-1.8.6p3-lbufexpandcode.patch
69 # 973228 - RHEL6 sudo logs username "root" instead of realuser in /var/log/secure
70 Patch21: sudo-1.8.6p3-logsudouser.patch
71 # 880150 - sssd +netgroup sudoUser is always matched
72 Patch22: sudo-1.8.6p3-sssdfixes.patch
73 # 853542 - sudo should use ipa_hostname in IPA backend when defined
74 Patch23: sudo-1.8.6p3-ipahostname.patch
75 # 1015355 - CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 sudo: various flaws
76 # upstream ref: 2f3225a2a4a4 049a12a5cc14 ebd6cc75020f
77 Patch24: sudo-1.8.6p3-CVE-2013-2777_2776_1775.patch
78 # 1065415 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
79 Patch25: sudo-1.8.6p3-sesharg0fix.patch
80 # 1078338 - sudo does not handle the "(none)" string, when no domainname is set, which breaks when nscd is enabled
81 Patch26: sudo-1.8.6p3-nonehostname.patch
82 # 1052940 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
83 Patch27: sudo-1.8.6p3-doublequotefix.patch
84 # 1083064 - With sudo-1.8.6p3-12.el6.x86_64 version, If a sudo rules contains +netgroup in sudoUser attribute it result in access denied
85 # 1006463 - sudo -U <user> listing shows incorrect list when sssd is used.
86 Patch28: sudo-1.8.6p3-netgrfilterfix.patch
87 # 1006447 - sudo -ll does not list the rule names when sssd is used.
88 Patch29: sudo-1.8.6p3-sssdrulenames.patch
89 # 1070952 - pam_faillock causes sudo to lock user when user aborts password prompt
90 Patch30: sudo-1.8.6p3-authinterrupt.patch
91 # Fix compiler warnings about discarting const qualifiers
92 Patch31: sudo-1.8.6p3-constwarnfix.patch
93 # 1138267 - sudoers.ldap man page has typos in description
94 Patch32: sudo-1.8.6p3-mantypos-ldap.patch
95 # 1147498 - duplicate sss module in nsswitch breaks sudo
96 Patch33: sudo-1.8.6p3-nssdupfix.patch
97 # 1138581 - sudo with sssd doesn't work correctly with sudoOrder option
98 Patch34: sudo-1.8.6p3-sudoorderfix.patch
99 # 1142122 - sudo option mail_no_user doesn't work
100 Patch35: sudo-1.8.6p3-ldapusermatchfix.patch
101 # 1094548 - sudo - cmnd_no_wait can cause child processes to ignore SIGPIPE
102 Patch36: sudo-1.8.6p3-sigpipefix.patch
103 # 1144448 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
104 Patch37: sudo-1.8.6p3-authlogicfix.patch
105 # 1200253 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-6.7]
106 Patch38: sudo-1.8.6p3-CVE-2014-9680.patch
107 # 1075836 - Sudo taking a long time when user information is stored externally.
108 Patch39: sudo-1.8.6p3-legacy-group-processing.patch
109 # 1241896 - [RFE] Implement sudoers option to change netgroup processing semantics
110 Patch40: sudo-1.8.6p3-netgroup_tuple.patch
111 # 1248695 - sudo segfault segfault at 8 i error 4 in sudoers.so
112 Patch41: sudo-1.8.6p3-seqfault-null-group-list.patch
113 # 1197885 - visudo ignores -q flag
114 Patch42: sudo-1.8.6p3-visudo-quiet-flag.patch
115 # 1247231 - [RFE] Backport pam_service and pam_login_service sudoers options from sudo 1.8.8
116 Patch43: sudo-1.8.6p3-pam_servicebackport.patch
117 # 1144422 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
118 Patch44: sudo-1.8.6p3-strunquote.patch
119 # 1279447 - sudo command throwing error when defaults records are added in ldap based on sudoers2ldif generated ldif
120 Patch45: sudo-1.8.6p3-ldap_sssd_parse_whitespaces.patch
121 # 1135531 - sudo with ldap doesn't work with 'user id' in sudoUser option
122 Patch46: sudo-1.8.6p3-ldapsearchuidfix.patch
123 # 1220480 - sudo option mail_no_user doesn't work with sssd provider
124 Patch47: sudo-1.8.6p3-sssd-mailfix.patch
125 # 1284886 - getcwd failed, resulting in Null pointer exception
126 Patch48: sudo-1.8.6p3-null_exception.patch
127 # 1309976 - closefrom_override sudo option not working
128 Patch49: sudo-1.8.6p7-closefrom-override-fix.patch
129 # 1312481 - non-root user can list privileges of other users
130 Patch50: sudo-1.8.6p3-unprivileged-list-fix.patch
131 # 1330001 - Fix sudo log file wrong group ownership
132 Patch51: sudo-1.8.6p3-loggingperms.patch
133 # 1374410 - Fix "sudo -l command" in the LDAP and SSS backends when the command is not allowed.
134 Patch52: sudo-1.8.6p3-ldap-sssd-notallowedcmnd.patch
135 # 1318374 - Fix sudo parsing sudoers with user's locale
136 Patch53: sudo-1.8.6p3-sudoerslocale.patch
137 # 1365156 - Fix race condition when creating /var/log/sudo-io direcotry
138 Patch54: sudo-1.8.6p3-iologracecondition.patch
139 # 1391938 - CVE-2016-7032 CVE-2016-7076 sudo: various flaws [rhel-6.9]
140 Patch55: sudo-1.8.6p3-noexec-update.patch
141 # 1455399 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-6.9.z]
142 Patch56: sudo-1.8.6p3-tty-parsing.patch
143 # 1459408 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) [rhel-6.9.z]
144 Patch57: sudo-1.8.6p7-CVE-2017-1000368.patch
145
146
147 %description
148 Sudo (superuser do) allows a system administrator to give certain
149 users (or groups of users) the ability to run some (or all) commands
150 as root while logging all commands and arguments. Sudo operates on a
151 per-command basis. It is not a replacement for the shell. Features
152 include: the ability to restrict what commands a user may run on a
153 per-host basis, copious logging of each command (providing a clear
154 audit trail of who did what), a configurable timeout of the sudo
155 command, and the ability to use the same configuration file (sudoers)
156 on many different machines.
157
158 %package devel
159 Summary: Development files for %{name}
160 Group: Development/Libraries
161 Requires: %{name} = %{version}-%{release}
162
163 %description devel
164 The %{name}-devel package contains header files developing sudo
165 plugins that use %{name}.
166
167 %prep
168 %setup -q
169
170 %patch1 -p1 -b .strip
171 %patch2 -p1 -b .envdebug
172 %patch3 -p1 -b .auditeditor
173 %patch4 -p1 -b .mantypo
174 %patch5 -p1 -b .sudoedit-selinux
175 %patch6 -p1 -b .aliaswarnonly
176 %patch7 -p1 -b .auditrolechange
177 %patch8 -p1 -b .nowaitopt
178 %patch9 -p1 -b .noauthwarn
179 %patch10 -p1 -b .emallocfail
180 %patch11 -p1 -b .ldap-sssd-usermatch
181 %patch12 -p1 -b .ldapconfparse
182 %patch13 -p1 -b .sssd-noise
183 %patch14 -p1 -b .cyclesegv
184 %patch15 -p1 -b .ALL-with-negation-manupdate
185 %patch16 -p1 -b .nprocfix
186 %patch17 -p1 -b .strictuidgid
187 %patch18 -p1 -b .cycledetect
188 %patch19 -p1 -b .netgrmatchtrace
189 %patch20 -p1 -b .lbufexpandcode
190 %patch21 -p1 -b .logsudouser
191 %patch22 -p1 -b .sssdfixes
192 %patch23 -p1 -b .ipahostname
193 %patch24 -p1 -b .CVE-2013-2777_2776_1775
194 %patch25 -p1 -b .sesharg0fix
195 %patch26 -p1 -b .nonehostname
196 %patch27 -p1 -b .doublequotefix
197 %patch28 -p1 -b .netgrfilterfix
198 %patch29 -p1 -b .sssdrulenames
199 %patch30 -p1 -b .authinterrupt
200 %patch31 -p1 -b .constwarnfix
201 %patch32 -p1 -b .mantypos-ldap
202 %patch33 -p1 -b .nssdupfix
203 %patch34 -p1 -b .sudoorderfix
204 %patch35 -p1 -b .ldapusermatchfix
205 %patch36 -p1 -b .sigpipefix
206 %patch37 -p1 -b .authlogicfix
207 %patch38 -p1 -b .CVE-2014-9680
208 %patch39 -p1 -b .legacy-group-processing
209 %patch40 -p1 -b .netgroup_tuple
210 %patch41 -p1 -b .segfault-null-group-list
211 %patch42 -p1 -b .visudo-quiet-flag
212 %patch43 -p1 -b .pam_servicebackport
213 %patch44 -p1 -b .strunquote
214 %patch45 -p1 -b .rmwhitespaces
215 %patch46 -p1 -b .ldapsearchuidfix
216 %patch47 -p1 -b .mailfix
217 %patch48 -p1 -b .nullexception
218 %patch49 -p1 -b .closefrom-override-fix
219 %patch50 -p1 -b .unprivileged-list-fix
220 %patch51 -p1 -b .loggingperms
221 %patch52 -p1 -b .ldap-sssd-notallowedcmnd
222 %patch53 -p1 -b .sudoerslocale
223 %patch54 -p1 -b .iologracecondition
224 %patch55 -p1 -b .noexec-update
225 %patch56 -p1 -b .tty-parsing
226 %patch57 -p1 -b .CVE-2017-1000368
227
228 %build
229 autoreconf -I m4 -fv --install
230
231 %ifarch s390 s390x sparc64
232 F_PIE=-fPIE
233 %else
234 F_PIE=-fpie
235 %endif
236
237 export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
238
239 %configure \
240 --prefix=%{_prefix} \
241 --sbindir=%{_sbindir} \
242 --libdir=%{_libdir} \
243 --docdir=%{_datadir}/doc/%{name}-%{version} \
244 --with-logging=syslog \
245 --with-logfac=authpriv \
246 --with-pam \
247 --with-pam-login \
248 --with-editor=/bin/vi \
249 --with-env-editor \
250 --with-ignore-dot \
251 --with-tty-tickets \
252 --with-ldap \
253 --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
254 --with-selinux \
255 --with-passprompt="[sudo] password for %p: " \
256 --with-linux-audit \
257 --with-sssd
258 # --without-kerb5 \
259 # --without-kerb4
260 make
261
262 %install
263 rm -rf $RPM_BUILD_ROOT
264
265 # Update README.LDAP (#736653)
266 sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
267
268 make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
269 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
270 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
271 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
272 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
273 install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
274 install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
275
276 # Remove execute permission on this script so we don't pull in perl deps
277 chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
278
279 %find_lang sudo
280 %find_lang sudoers
281
282 cat sudo.lang sudoers.lang > sudo_all.lang
283 rm sudo.lang sudoers.lang
284
285 mkdir -p $RPM_BUILD_ROOT/etc/pam.d
286 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
287 #%PAM-1.0
288 auth include system-auth
289 account include system-auth
290 password include system-auth
291 session optional pam_keyinit.so revoke
292 session required pam_limits.so
293 EOF
294
295 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
296 #%PAM-1.0
297 auth include sudo
298 account include sudo
299 password include sudo
300 session optional pam_keyinit.so force revoke
301 session required pam_limits.so
302 EOF
303
304 %clean
305 rm -rf $RPM_BUILD_ROOT
306
307 %files -f sudo_all.lang
308 %defattr(-,root,root)
309 %attr(0440,root,root) %config(noreplace) /etc/sudoers
310 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
311 %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
312 %attr(0750,root,root) %dir /etc/sudoers.d/
313 %config(noreplace) /etc/pam.d/sudo
314 %config(noreplace) /etc/pam.d/sudo-i
315 %dir /var/db/sudo
316 %attr(4111,root,root) %{_bindir}/sudo
317 %attr(4111,root,root) %{_bindir}/sudoedit
318 %attr(0111,root,root) %{_bindir}/sudoreplay
319 %attr(0755,root,root) %{_sbindir}/visudo
320 %attr(0755,root,root) %{_libexecdir}/sesh
321 %{_libexecdir}/sudoers.*
322 %{_libexecdir}/sudo_noexec.*
323 %{_mandir}/man5/sudoers.5*
324 %{_mandir}/man5/sudoers.ldap.5*
325 %{_mandir}/man8/sudo.8*
326 %{_mandir}/man8/sudoedit.8*
327 %{_mandir}/man8/sudoreplay.8*
328 %{_mandir}/man8/visudo.8*
329 %{_docdir}/sudo-%{version}/*
330
331
332 # Make sure permissions are ok even if we're updating
333 %post
334 /bin/chmod 0440 /etc/sudoers || :
335
336 %files devel
337 %defattr(-,root,root,-)
338 %doc plugins/sample/sample_plugin.c
339 %{_includedir}/sudo_plugin.h
340 %{_mandir}/man8/sudo_plugin.8*
341
342 %changelog
343 * Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-29
344 - Fixes CVE-2017-1000368
345 Resolves: rhbz#1459408
346
347 * Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-28
348 - Fixes CVE-2017-1000367
349 Resolves: rhbz#1455399
350
351 * Thu Nov 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-27
352 - Update noexec syscall blacklist
353 - Fixes CVE-2016-7032 and CVE-2016-7076
354 Resolves: rhbz#1391938
355
356 * Tue Oct 18 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-26
357 - RHEL-6.9 erratum
358 - Fix race condition when creating /var/log/sudo-io direcotry
359 Resolves: rhbz#1365156
360
361 * Thu Oct 06 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-25
362 - RHEL-6.9 erratum
363 - Fix "sudo -l command" in the LDAP and SSS backends when the command
364 is not allowed.
365 Resolves: rhbz#1374410
366 - Fix sudo log file wrong group ownership
367 Resolves: rhbz#1330001
368 - Fix sudo parsing sudoers with user's locale
369 Resolves: rhbz#1318374
370
371 * Tue Mar 01 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-24
372 - RHEL-6.8 erratum
373 - fixed a bug causing that non-root users can list privileges of
374 other users
375 Resolves: rhbz#1312481
376
377 * Thu Feb 25 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-23
378 - RHEL-6.8 erratum
379 - fixed handling of closefrom_override defaults option
380 Resolves: rhbz#1309976
381
382 * Wed Jan 20 2016 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-22
383 - RHEL-6.8 erratum
384 - fixed potential getcwd failure, resulting in Null pointer exception
385 Resolves: rhbz#1284886
386
387 * Tue Dec 15 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
388 - RHEL-6.8 erratum
389 - fixed sssd's detection of user with zero rules
390 Resolves: rhbz#1220480
391
392 * Mon Dec 14 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
393 - RHEL-6.8 erratum
394 - search also by user id when fetching rules from LDAP
395 Resolves: rhbz#1135531
396
397 * Tue Dec 8 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
398 - RHEL-6.8 erratum
399 - fixed ldap's and sssd's sudoOption value and remove quotes
400 - fixed ldap's and sssd's sudoOption whitespaces parse problem
401 Resolves: rhbz#1144422
402 Resolves: rhbz#1279447
403
404 * Tue Dec 8 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
405 - RHEL-6.8 erratum
406 - removed defaults option requiretty from /etc/sudoers
407 - backported pam_service and pam_login_service defaults options
408 - implemented a new defaults option for changing netgroup processing
409 semantics
410 - fixed visudo's quiet cli option
411 Resolves: rhbz#1248695
412 Resolves: rhbz#1247231
413 Resolves: rhbz#1241896
414 Resolves: rhbz#1197885
415 Resolves: rhbz#1233205
416
417 * Wed Jul 29 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-20
418 - added patch to re-introduce old group processing behaviour
419 Resolves: rhbz#1075836
420
421 * Tue May 05 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-19
422 - RHEL-6.7 erratum
423 - modified the authlogicfix patch to fix #1144448
424 - fixed a bug in the ldapusermatchfix patch
425 Resolves: rhbz#1144448
426 Resolves: rhbz#1142122
427
428 * Thu Apr 16 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-18
429 - RHEL-6.7 erratum
430 - fixed the mantypos-ldap.patch
431 Resolves: rhbz#1138267
432
433 * Tue Mar 31 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-17
434 - RHEL-6.7 erratum
435 - added patch for CVE-2014-9680
436 - added BuildRequires for tzdata
437 Resolves: rhbz#1200253
438
439 * Wed Mar 4 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-16
440 - RHEL-6.7 erratum
441 - added zlib-devel build required to enable zlib compression support
442 - fixed two typos in the sudoers.ldap man page
443 - fixed a hang when duplicate nss entries are specified in nsswitch.conf
444 - SSSD: implemented sorting of the result entries according to the
445 sudoOrder attribute
446 - LDAP: fixed logic handling the computation of the "user matched" flag
447 - fixed restoring of the SIGPIPE signal in the tgetpass function
448 - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD
449 Resolves: rhbz#1106433
450 Resolves: rhbz#1138267
451 Resolves: rhbz#1147498
452 Resolves: rhbz#1138581
453 Resolves: rhbz#1142122
454 Resolves: rhbz#1094548
455 Resolves: rhbz#1144448
456
457 * Thu Jul 31 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-15
458 - RHEL-6.6 erratum
459 - SSSD: dropped the ipahostnameshort patch, as it is not
460 needed. rhbz#1033703 is a configuration issue.
461 Related: rhbz#1033703
462
463 * Wed Jul 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-14
464 - RHEL-6.6 erratum
465 - SSSD: fixed netgroup filter patch
466 - SSSD: dropped serparate patch for #1006463, the fix is now part
467 of the netgroup filter patch
468 Resolves: rhbz#1006463
469 Resolves: rhbz#1083064
470
471 * Mon May 19 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-13
472 - RHEL-6.6 erratum
473 - don't retry authentication when ctrl-c pressed
474 - fix double-quote processing in Defaults options
475 - fix sesh login shell argv[0]
476 - handle the "(none)" hostname correctly
477 - SSSD: fix ipa_hostname handling
478 - SSSD: fix sudoUser netgroup specification filtering
479 - SSSD: list correct user when -U <user> -l specified
480 - SSSD: show rule names on long listing (-ll)
481 Resolves: rhbz#1065415
482 Resolves: rhbz#1078338
483 Resolves: rhbz#1052940
484 Resolves: rhbz#1083064
485 Resolves: rhbz#1033703
486 Resolves: rhbz#1006447
487 Resolves: rhbz#1006463
488 Resolves: rhbz#1070952
489
490 * Mon Oct 7 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-12
491 - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776
492 Resolves: rhbz#1015355
493
494 * Thu Sep 5 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-11
495 - sssd: fixed a bug in ipa_hostname processing
496 Resolves: rhbz#853542
497
498 * Thu Aug 15 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-10
499 - sssd: fixed buffer size for the ipa_hostname value
500 Resolves: rhbz#853542
501
502 * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-9
503 - sssd: match against ipa_hostname from sssd.conf too when
504 checking sudoHost
505 Resolves: rhbz#853542
506
507 * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-8
508 - updated man-page
509 - fixed handling of RLIMIT_NPROC resource limit
510 - fixed alias cycle detection code
511 - added debug messages for tracing of netgroup matching
512 - fixed aborting on realloc when displaying allowed commands
513 - show the SUDO_USER in logs, if running commands as root
514 - sssd: filter netgroups in the sudoUser attribute
515 Resolves: rhbz#856901
516 Resolves: rhbz#947276
517 Resolves: rhbz#886648
518 Resolves: rhbz#994563
519 Resolves: rhbz#848111
520 Resolves: rhbz#994626
521 Resolves: rhbz#973228
522 Resolves: rhbz#880150
523
524 * Wed Jan 23 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-7
525 - fixed potential stack overflow in visudo
526 Resolves: rhbz#903020
527
528 * Thu Nov 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-6
529 - added patches to address a number of issues in ldap & sssd plugins
530 - fixed README.LDAP updating in the spec file
531 Resolves: rhbz#860397
532 Resolves: rhbz#876208
533 Resolves: rhbz#876578
534 Resolves: rhbz#879675
535 Resolves: rhbz#879633
536
537 * Wed Nov 07 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-5
538 - Include just one sample plugin in the documentation for the -devel
539 subpackage. Don't include architecture specific files.
540 - patch: Do not inform the user that the command was not permitted by
541 the policy if they do not successfully authenticate.
542 Resolves: rhbz#759480
543 Resolves: rhbz#871303
544 Resolves: rhbz#872740
545
546 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-4
547 - removed %doc since sudo installs the files anyway
548 Resolves: rhbz#759480
549
550 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-3
551 - added SHLIB_MODE=755 to get striping to work again
552 Resolves: rhbz#759480
553
554 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
555 - extended the default sudo-ldap.conf file
556 - corrected default file permissions on sudo.conf, sudo-ldap.conf
557 - added patch that introduces the cmnd_no_wait Defaults option
558 Resolves: rhbz#840980 - sudo creates a new parent process
559 Resolves: rhbz#860397 - new /etc/sudo-ldap.conf configuration file problems
560
561 * Mon Sep 24 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
562 - rebase to 1.8.6p3
563 - new -devel subpackage
564 - new configuration file: /etc/sudo.conf
565 Resolves: rhbz#852045 - ulimit -c got Operation not permitted
566 Resolves: rhbz#804123 - sudo does not call pam_close_session() or pam_end()
567 Resolves: rhbz#828707 - sudo fails to report error correctly when execv(3) fails
568 Resolves: rhbz#844691 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
569 Resolves: rhbz#759480 - Rebase sudo to 1.8 in RHEL 6.4
570 Resolves: rhbz#846117 - Sudo interpretation of wildcard command arguments is more lenient providing a security risk
571 Resolves: rhbz#789937 - [RFE] Add ability to treat files authoritatively in sudoers.ldap
572 Resolves: rhbz#836242 - sudo -s -u USERNAME can't change ulimit -c
573
574 * Tue Jul 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-13
575 - fixed job control
576 Resolves: rhbz#823993
577
578 * Fri Jun 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-12
579 - added patch for CVE-2012-2337
580 Resolves: rhbz#829757
581
582 * Wed May 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-11
583 - use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK (#821976)
584 Resolves: rhbz#821976
585
586 * Fri May 04 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10.1
587 - backported ldap code modifications that fix an issue with tls_checkpeer (#810372)
588 Resolves: rhbz#810372
589
590 * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10
591 - fixed bug in Runas_Spec group matching (#810147)
592 - disable `sudo -l' output word wrapping if the output
593 is piped (#810326)
594 - fixed `sudo -i' command escaping (#806095)
595 Resolves: rhbz#806095
596 Resolves: rhbz#810147
597 Resolves: rhbz#810326
598
599 * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-9
600 - fixed uninitialized value warning introduced with the sudoedit-selinux patch
601 Resolves: rhbz#806386
602
603 * Thu Mar 01 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-8
604 - created a separate ldap configuration file, sudo-ldap.conf
605 - visudo: mark unused aliases as warnings, not errors
606 - backported signal handling from 1.7.5
607 - don't disable coredumping from the code, rely on /proc/sys/fs/suid_dumpable
608 - use correct SELinux context when editing files with sudoedit
609 - fixed visudo syntax checks
610 - fixed typos and inconsistencies in documentation
611 - switched to an updated -getgrouplist patch to fix sudo -l -U <user> behavior
612 Resolves: rhbz#760843
613 Resolves: rhbz#736030
614 Resolves: rhbz#697775
615 Resolves: rhbz#726634
616 Resolves: rhbz#708515
617 Resolves: rhbz#736653
618 Resolves: rhbz#667120
619 Resolves: rhbz#769701
620 Resolves: rhbz#751680
621 Resolves: rhbz#604297
622 Resolves: rhbz#797511
623
624 * Thu Jul 21 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-7
625 - set ldap configuration file to nslcd.conf
626 Resolves: rhbz#709235
627
628 * Thu Jul 14 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-6
629 - removed the --with-ldap-*conf options
630 - added RELRO flags
631 Resolves: rhbz#709235
632 Resolves: rhbz#709859
633
634 * Tue Apr 19 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-5
635 - patch: log failed user role changes
636 Resolves: rhbz#665131
637
638 * Wed Mar 23 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
639 - added #includedir /etc/sudoers.d to sudoers
640 Resolves: rhbz#615087
641
642 * Tue Mar 22 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-3
643 - added !visiblepw option to sudoers
644 Resolves: rhbz#688640
645
646 * Fri Feb 4 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
647 - added patch for rhbz#665131
648 Resolves: rhbz#665131
649
650 * Thu Jan 13 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-1
651 - rebase to latest stable version
652 - sudo now uses /var/db/sudo for timestamps
653 - new command available: sudoreplay
654 - use native audit support
655 - sync configuration paths with the nss_ldap package
656 Resolves: rhbz#615087
657 Resolves: rhbz#652726
658 Resolves: rhbz#634159
659 Resolves: rhbz#603823
660
661 * Wed Sep 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-9
662 - added patch for CVE-2010-2956 (#628628)
663 Resolves: rhbz#629054
664
665 * Tue Aug 03 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-8
666 - sudoers change: always set $HOME to the target user home directory
667 Resolves: rhbz#619293
668
669 * Thu Jul 15 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-7
670 - move the sudo_end* calls before closefrom()
671 - close audit_fd before exec
672 - fixed typo in Makefile.in
673 Resolves: rhbz#569313
674
675 * Tue Jun 8 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-6
676 - fixed segfault when #include directive is used in cycles
677 Resolves: rhbz#598363
678
679 * Tue Jun 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
680 - added patch that fixes insufficient environment sanitization issue (#598154)
681 Resolves: rhbz#598383
682
683 * Tue Apr 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
684 - added second patch for CVE-2010-0426 (#580441)
685 Resolves: rhbz#580527
686
687 * Wed Feb 24 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
688 - added patch for CVE-2010-0426 (#567337)
689 Resolves: rhbz#567675
690
691 * Wed Jan 27 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-2
692 - changed the License: value to ISC
693 Related: rhbz#543948
694
695 * Wed Jan 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
696 - new upstream version
697 Resolves: rhbz#554321
698 - drop *.pod man page duplicates from docs
699 - commented out unused aliases in sudoers to make visudo happy (#550239)
700
701 * Tue Jan 12 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.1-8
702 - Rebuild for new libaudit
703 Related: rhbz#543948
704
705 * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
706 - rebuilt with new audit
707
708 * Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
709 - moved secure_path from compile-time option to sudoers file (#517428)
710
711 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
712 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
713
714 * Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
715 - moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
716 - epoch number sync
717
718 * Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
719 - updated sudo to version 1.7.1
720 - fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
721
722 * Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
723 - fixed building with new libtool
724 - fix for incorrect handling of groups in Runas_User
725 - added /usr/local/sbin to secure-path
726
727 * Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
728 - build with sendmail installed
729 - Added /usr/local/bin to secure-path
730
731 * Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
732 - adjust audit patch, do not scream when kernel is
733 compiled without audit netlink support (#401201)
734
735 * Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
736 - upgrade
737
738 * Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
739 - build with newer autoconf-2.62 (#449614)
740
741 * Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
742 - compiled with secure path (#80215)
743
744 * Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
745 - fix path to updatedb in /etc/sudoers (#445103)
746
747 * Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
748 - include ldap files in rpm package (#439506)
749
750 * Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
751 - include [sudo] in password prompt (#437092)
752
753 * Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
754 - audit support improvement
755
756 * Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
757 - upgrade to the latest upstream release
758
759 * Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
760 - upgrade to the latest upstream release
761 - add selinux support
762
763 * Mon Feb 02 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
764 - sparc64 needs to be in the -fPIE list with s390
765
766 * Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
767 - fix complains about audit_log_user_command(): Connection
768 refused (#401201)
769
770 * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
771 - Rebuild for deps
772
773 * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
774 - Rebuild for openssl bump
775
776 * Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
777 - fix autotools stuff and add audit support
778
779 * Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
780 - upgrade to upstream release
781
782 * Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
783 - also use getgrouplist() to determine group membership (#235915)
784
785 * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
786 - fix some spec file issues
787
788 * Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
789 - fix rpmlint issue
790
791 * Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
792 - fix typo in sudoers file (#212308)
793
794 * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
795 - rebuilt for unwind info generation, broken in gcc-4.1.1-21
796
797 * Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
798 - fix sudoers file, X apps didn't work (#206320)
799
800 * Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
801 - use Red Hat specific default sudoers file
802
803 * Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
804 - fix #198755 - make login processes (sudo -i) initialise session keyring
805 (thanks for PAM config files to David Howells)
806 - add IPv6 support (patch by Milan Zazrivec)
807
808 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
809 - rebuild
810
811 * Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
812 - fix #190062 - "ssh localhost sudo su" will show the password in clear
813
814 * Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
815 - add LDAP support (#170848)
816
817 * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
818 - bump again for double-long bug on ppc(64)
819
820 * Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
821 - reset env. by default
822
823 * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
824 - rebuilt for new gcc4.1 snapshot and glibc changes
825
826 * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
827 - Remove selinux patch. It has been decided that the SELinux patch for sudo is
828 - no longer necessary. In tageted policy it had no effect. In strict/MLS policy
829 - We require the person using sudo to execute newrole before using sudo.
830
831 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
832 - rebuilt
833
834 * Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
835 - new upstream version 1.6.8p12
836
837 * Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
838 - new upstream version 1.6.8p11
839
840 * Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
841 - use include instead of pam_stack in pam config
842
843 * Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
844 - enable interfaces in selinux patch
845 - merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
846
847 * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
848 - fix debuginfo
849
850 * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
851 - fix #162623 - sesh hangs when child suspends
852
853 * Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
854 - Add back in interfaces call, SELinux has been fixed to work around
855
856 * Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
857 - new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
858
859 * Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
860 - fix #154511 - sudo does not use limits.conf
861
862 * Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
863 - new version 1.6.8p8: new sudoedit and sudo_noexec
864
865 * Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
866 - rebuild
867
868 * Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
869 - added missing BuildRequires for libselinux-devel (#132883)
870
871 * Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
872 - Fix missing param error in sesh
873
874 * Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
875 - Remove full patch check from sesh
876
877 * Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
878 - Fix selinux patch to switch to root user
879
880 * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
881 - rebuilt
882
883 * Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
884 - Eliminate tty handling from selinux
885
886 * Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
887 - fixed spec file: sesh in file section with selinux flag (#119682)
888
889 * Thu Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
890 - Enhance sesh.c to fork/exec children itself, to avoid
891 having sudo reap all domains.
892 - Only reinstall default signal handlers immediately before
893 exec of child with SELinux patch
894
895 * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
896 - change to default to sysadm_r
897 - Fix tty handling
898
899 * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
900 - Add /bin/sesh to run selinux code.
901 - replace /bin/bash -c with /bin/sesh
902
903 * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
904 - Hard code to use "/bin/bash -c" for selinux
905
906 * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
907 - Eliminate closing and reopening of terminals, to match su.
908
909 * Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
910 - SELinux fixes to make transitions work properly
911
912 * Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
913 - pied sudo
914
915 * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
916 - rebuilt
917
918 * Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
919 - Eliminate interfaces call, since this requires big SELinux privs
920 - and it seems to be useless.
921
922 * Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
923 - visudo requires vim-minimal or setting EDITOR to something useful (#68605)
924
925 * Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
926 - Fix is_selinux_enabled call
927
928 * Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
929 - Clean up patch on failure
930
931 * Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
932 - Remove sudo.te for now.
933
934 * Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
935 - Fix usage message
936
937 * Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
938 - Clean up sudo.te to not blow up if pam.te not present
939
940 * Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
941 - added missing BuildRequires for groff
942
943 * Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
944 - remove left-over debugging code
945
946 * Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
947 - Fix terminal handling that caused Sudo to exit on non selinux machines.
948
949 * Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
950 - Remove sudo_var_run_t which is now pam_var_run_t
951
952 * Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
953 - Fix terminal handling and policy
954
955 * Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
956 - Fix policy
957
958 * Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
959 - Turn on SELinux support
960
961 * Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
962 - Add support for SELinux
963
964 * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
965 - rebuilt
966
967 * Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
968
969 * Wed Jan 22 2003 Tim Powers <timp@redhat.com>
970 - rebuilt
971
972 * Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
973 - remove absolute path names from the PAM configuration, ensuring that the
974 right modules get used for whichever arch we're built for
975 - don't try to install the FAQ, which isn't there any more
976
977 * Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
978 - update to 1.6.6
979
980 * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
981 - automated rebuild
982
983 * Thu May 23 2002 Tim Powers <timp@redhat.com>
984 - automated rebuild
985
986 * Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
987 - Fix bug #63768
988
989 * Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
990 - 1.6.5p2
991
992 * Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
993 - 1.6.5p1
994 - Hope this "a new release per day" madness stops ;)
995
996 * Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
997 - 1.6.5
998
999 * Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1000 - 1.6.4p1
1001
1002 * Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1003 - Update to 1.6.4
1004
1005 * Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1006 - Add build requirements (#49706)
1007 - s/Copyright/License/
1008 - bzip2 source
1009
1010 * Sat Jun 16 2001 Than Ngo <than@redhat.com>
1011 - update to 1.6.3p7
1012 - use %%{_tmppath}
1013
1014 * Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1015 - 1.6.3p6, fixes buffer overrun
1016
1017 * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1018 - 1.6.3p5
1019
1020 * Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1021 - automatic rebuild
1022
1023 * Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1024 - fixed owner of sudo and visudo
1025
1026 * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
1027 - modify PAM setup to use system-auth
1028 - clean up buildrooting by using the makeinstall macro
1029
1030 * Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1031 - initial build in main distrib
1032 - update to 1.6.3
1033 - deal with compressed man pages
1034
1035 * Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1036 - updated to 1.6.1 for Powertools 6.2
1037 - config files are now noreplace.
1038
1039 * Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1040 - updated to 1.5.9p2 for Powertools 6.1
1041
1042 * Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1043 - sudo is configured with pam. There's no pam.d file. Oops.
1044
1045 * Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1046 - upgraded to 1.59p1 for powertools 6.0
1047
1048 * Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1049 - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1050
1051 * Fri Oct 08 1998 Michael Maher <mike@redhat.com>
1052 - built package for 5.2
1053
1054 * Mon May 18 1998 Michael Maher <mike@redhat.com>
1055 - updated SPEC file
1056
1057 * Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1058 - updated to 1.5.4
1059
1060 * Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1061 - built for glibc, no problems
1062
1063 * Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1064 - Fixed for 4.2 PowerTools
1065 - Still need to be pamified
1066 - Still need to move stmp file to /var/log
1067
1068 * Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1069 - First version for PowerCD.
1070

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed