/[smeserver]/rpms/sudo/sme9/sudo.spec
ViewVC logotype

Contents of /rpms/sudo/sme9/sudo.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Sat Feb 6 20:26:20 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: sudo-1_8_6p3-30_el6_sme, HEAD
Changes since 1.1: +7 -2 lines
* Thu Feb 04 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.8.6p3-30.sme
- fix CVE-2021-3156 [SME: 11339]

1 Summary: Allows restricted root access for specified users
2 Name: sudo
3 Version: 1.8.6p3
4 Release: 30%{?dist}
5 License: ISC
6 Group: Applications/System
7 URL: http://www.courtesan.com/sudo/
8 Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
9 Source1: sudo-1.8.6p3-sudoers
10 Source2: sudo-1.7.4p5-sudo-ldap.conf
11 Source3: sudo-1.8.6p3-sudo.conf
12 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
13 Requires: /etc/pam.d/system-auth, vim-minimal
14
15 BuildRequires: pam-devel
16 BuildRequires: groff
17 BuildRequires: openldap-devel
18 BuildRequires: flex
19 BuildRequires: bison
20 BuildRequires: automake autoconf libtool
21 BuildRequires: audit-libs-devel libcap-devel
22 BuildRequires: libselinux-devel
23 BuildRequires: sendmail
24 BuildRequires: zlib-devel
25 BuildRequires: tzdata
26
27 # don't strip
28 Patch1: sudo-1.6.7p5-strip.patch
29 # configure.in fix
30 Patch2: sudo-1.7.2p1-envdebug.patch
31 # show the editor being executed by `sudo -e' in audit messages
32 Patch3: sudo-1.8.6p3-auditeditor.patch
33 # fix manpage typo (#726634)
34 Patch4: sudo-1.8.6p3-mantypo.patch
35 # correct SELinux handling in sudoedit mode (#697775)
36 Patch5: sudo-1.8.6p3-sudoedit-selinux.patch
37 # [RFE] Fix visudo -s to be backwards compatible (#604297)
38 Patch6: sudo-1.8.6p3-aliaswarnonly.patch
39 # log failed user role changes (#665131)
40 Patch7: sudo-1.8.6p3-auditrolechange.patch
41 # 840980 - sudo creates a new parent process
42 # Adds cmnd_no_wait Defaults option
43 Patch8: sudo-1.8.6p3-nowaitopt.patch
44 # Do not inform the user that the command was not permitted by the
45 # policy if they do not successfully authenticate.
46 Patch9: sudo-1.8.6p3-noauthwarn-regression.patch
47 # 876578 - erealloc3 error on sssd sudoHost netgroup mismatch
48 Patch10: sudo-1.8.6p3-emallocfail.patch
49 # 876208 - sudoRunAsUser #uid specification doesn't work
50 Patch11: sudo-1.8.6p3-ldap-sssd-usermatch.patch
51 # 879675 - sudo parse ldap.conf incorrectly
52 Patch12: sudo-1.8.6p3-ldapconfparse.patch
53 # 879633 - sudo + sssd + local user sends e-mail to administrator
54 Patch13: sudo-1.8.6p3-sssd-noise.patch
55 # 903020 - sudoers containing specially crafted aliases causes segfault of visudo
56 Patch14: sudo-1.8.6p3-cyclesegv.patch
57 # 856901 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
58 Patch15: sudo-1.8.6p3-ALL-with-negation-manupdate.patch
59 # 947276 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
60 Patch16: sudo-1.8.6p3-nprocfix.patch
61 # 886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
62 Patch17: sudo-1.8.6p3-strictuidgid.patch
63 # 994563 - Warning in visudo: cycle in Host_Alias even without cycle
64 Patch18: sudo-1.8.6p3-cycledetect.patch
65 # 848111 - Improve error message
66 Patch19: sudo-1.8.6p3-netgrmatchtrace.patch
67 # 994626 - sudo -u <user> sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size
68 Patch20: sudo-1.8.6p3-lbufexpandcode.patch
69 # 973228 - RHEL6 sudo logs username "root" instead of realuser in /var/log/secure
70 Patch21: sudo-1.8.6p3-logsudouser.patch
71 # 880150 - sssd +netgroup sudoUser is always matched
72 Patch22: sudo-1.8.6p3-sssdfixes.patch
73 # 853542 - sudo should use ipa_hostname in IPA backend when defined
74 Patch23: sudo-1.8.6p3-ipahostname.patch
75 # 1015355 - CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 sudo: various flaws
76 # upstream ref: 2f3225a2a4a4 049a12a5cc14 ebd6cc75020f
77 Patch24: sudo-1.8.6p3-CVE-2013-2777_2776_1775.patch
78 # 1065415 - -sesh replaces /path/to/myshell with /path/to-myshell instead of -myshell
79 Patch25: sudo-1.8.6p3-sesharg0fix.patch
80 # 1078338 - sudo does not handle the "(none)" string, when no domainname is set, which breaks when nscd is enabled
81 Patch26: sudo-1.8.6p3-nonehostname.patch
82 # 1052940 - Regression in sudo 1.8.6p3-7 package, double quotes are not accepted in sudoers
83 Patch27: sudo-1.8.6p3-doublequotefix.patch
84 # 1083064 - With sudo-1.8.6p3-12.el6.x86_64 version, If a sudo rules contains +netgroup in sudoUser attribute it result in access denied
85 # 1006463 - sudo -U <user> listing shows incorrect list when sssd is used.
86 Patch28: sudo-1.8.6p3-netgrfilterfix.patch
87 # 1006447 - sudo -ll does not list the rule names when sssd is used.
88 Patch29: sudo-1.8.6p3-sssdrulenames.patch
89 # 1070952 - pam_faillock causes sudo to lock user when user aborts password prompt
90 Patch30: sudo-1.8.6p3-authinterrupt.patch
91 # Fix compiler warnings about discarting const qualifiers
92 Patch31: sudo-1.8.6p3-constwarnfix.patch
93 # 1138267 - sudoers.ldap man page has typos in description
94 Patch32: sudo-1.8.6p3-mantypos-ldap.patch
95 # 1147498 - duplicate sss module in nsswitch breaks sudo
96 Patch33: sudo-1.8.6p3-nssdupfix.patch
97 # 1138581 - sudo with sssd doesn't work correctly with sudoOrder option
98 Patch34: sudo-1.8.6p3-sudoorderfix.patch
99 # 1142122 - sudo option mail_no_user doesn't work
100 Patch35: sudo-1.8.6p3-ldapusermatchfix.patch
101 # 1094548 - sudo - cmnd_no_wait can cause child processes to ignore SIGPIPE
102 Patch36: sudo-1.8.6p3-sigpipefix.patch
103 # 1144448 - sudo with ldap doesn't work correctly with 'listpw=all' and 'verifypw=all' in sudoOption entry
104 Patch37: sudo-1.8.6p3-authlogicfix.patch
105 # 1200253 - CVE-2014-9680 sudo: unsafe handling of TZ environment variable [rhel-6.7]
106 Patch38: sudo-1.8.6p3-CVE-2014-9680.patch
107 # 1075836 - Sudo taking a long time when user information is stored externally.
108 Patch39: sudo-1.8.6p3-legacy-group-processing.patch
109 # 1241896 - [RFE] Implement sudoers option to change netgroup processing semantics
110 Patch40: sudo-1.8.6p3-netgroup_tuple.patch
111 # 1248695 - sudo segfault segfault at 8 i error 4 in sudoers.so
112 Patch41: sudo-1.8.6p3-seqfault-null-group-list.patch
113 # 1197885 - visudo ignores -q flag
114 Patch42: sudo-1.8.6p3-visudo-quiet-flag.patch
115 # 1247231 - [RFE] Backport pam_service and pam_login_service sudoers options from sudo 1.8.8
116 Patch43: sudo-1.8.6p3-pam_servicebackport.patch
117 # 1144422 - sudo with ldap/sssd doesn't respect env_keep,env_check and env_delete variables in sudoOption
118 Patch44: sudo-1.8.6p3-strunquote.patch
119 # 1279447 - sudo command throwing error when defaults records are added in ldap based on sudoers2ldif generated ldif
120 Patch45: sudo-1.8.6p3-ldap_sssd_parse_whitespaces.patch
121 # 1135531 - sudo with ldap doesn't work with 'user id' in sudoUser option
122 Patch46: sudo-1.8.6p3-ldapsearchuidfix.patch
123 # 1220480 - sudo option mail_no_user doesn't work with sssd provider
124 Patch47: sudo-1.8.6p3-sssd-mailfix.patch
125 # 1284886 - getcwd failed, resulting in Null pointer exception
126 Patch48: sudo-1.8.6p3-null_exception.patch
127 # 1309976 - closefrom_override sudo option not working
128 Patch49: sudo-1.8.6p7-closefrom-override-fix.patch
129 # 1312481 - non-root user can list privileges of other users
130 Patch50: sudo-1.8.6p3-unprivileged-list-fix.patch
131 # 1330001 - Fix sudo log file wrong group ownership
132 Patch51: sudo-1.8.6p3-loggingperms.patch
133 # 1374410 - Fix "sudo -l command" in the LDAP and SSS backends when the command is not allowed.
134 Patch52: sudo-1.8.6p3-ldap-sssd-notallowedcmnd.patch
135 # 1318374 - Fix sudo parsing sudoers with user's locale
136 Patch53: sudo-1.8.6p3-sudoerslocale.patch
137 # 1365156 - Fix race condition when creating /var/log/sudo-io direcotry
138 Patch54: sudo-1.8.6p3-iologracecondition.patch
139 # 1391938 - CVE-2016-7032 CVE-2016-7076 sudo: various flaws [rhel-6.9]
140 Patch55: sudo-1.8.6p3-noexec-update.patch
141 # 1455399 - CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-6.9.z]
142 Patch56: sudo-1.8.6p3-tty-parsing.patch
143 # 1459408 - CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367) [rhel-6.9.z]
144 Patch57: sudo-1.8.6p7-CVE-2017-1000368.patch
145 # 1917729 - EMBARGOED CVE-2021-3156 sudo: Heap-buffer overflow in argument parsing [rhel-7.9.z]
146 Patch58: sudo-1.8.6p3-CVE-2021-3156.patch
147
148 %description
149 Sudo (superuser do) allows a system administrator to give certain
150 users (or groups of users) the ability to run some (or all) commands
151 as root while logging all commands and arguments. Sudo operates on a
152 per-command basis. It is not a replacement for the shell. Features
153 include: the ability to restrict what commands a user may run on a
154 per-host basis, copious logging of each command (providing a clear
155 audit trail of who did what), a configurable timeout of the sudo
156 command, and the ability to use the same configuration file (sudoers)
157 on many different machines.
158
159 %package devel
160 Summary: Development files for %{name}
161 Group: Development/Libraries
162 Requires: %{name} = %{version}-%{release}
163
164 %description devel
165 The %{name}-devel package contains header files developing sudo
166 plugins that use %{name}.
167
168 %prep
169 %setup -q
170
171 %patch1 -p1 -b .strip
172 %patch2 -p1 -b .envdebug
173 %patch3 -p1 -b .auditeditor
174 %patch4 -p1 -b .mantypo
175 %patch5 -p1 -b .sudoedit-selinux
176 %patch6 -p1 -b .aliaswarnonly
177 %patch7 -p1 -b .auditrolechange
178 %patch8 -p1 -b .nowaitopt
179 %patch9 -p1 -b .noauthwarn
180 %patch10 -p1 -b .emallocfail
181 %patch11 -p1 -b .ldap-sssd-usermatch
182 %patch12 -p1 -b .ldapconfparse
183 %patch13 -p1 -b .sssd-noise
184 %patch14 -p1 -b .cyclesegv
185 %patch15 -p1 -b .ALL-with-negation-manupdate
186 %patch16 -p1 -b .nprocfix
187 %patch17 -p1 -b .strictuidgid
188 %patch18 -p1 -b .cycledetect
189 %patch19 -p1 -b .netgrmatchtrace
190 %patch20 -p1 -b .lbufexpandcode
191 %patch21 -p1 -b .logsudouser
192 %patch22 -p1 -b .sssdfixes
193 %patch23 -p1 -b .ipahostname
194 %patch24 -p1 -b .CVE-2013-2777_2776_1775
195 %patch25 -p1 -b .sesharg0fix
196 %patch26 -p1 -b .nonehostname
197 %patch27 -p1 -b .doublequotefix
198 %patch28 -p1 -b .netgrfilterfix
199 %patch29 -p1 -b .sssdrulenames
200 %patch30 -p1 -b .authinterrupt
201 %patch31 -p1 -b .constwarnfix
202 %patch32 -p1 -b .mantypos-ldap
203 %patch33 -p1 -b .nssdupfix
204 %patch34 -p1 -b .sudoorderfix
205 %patch35 -p1 -b .ldapusermatchfix
206 %patch36 -p1 -b .sigpipefix
207 %patch37 -p1 -b .authlogicfix
208 %patch38 -p1 -b .CVE-2014-9680
209 %patch39 -p1 -b .legacy-group-processing
210 %patch40 -p1 -b .netgroup_tuple
211 %patch41 -p1 -b .segfault-null-group-list
212 %patch42 -p1 -b .visudo-quiet-flag
213 %patch43 -p1 -b .pam_servicebackport
214 %patch44 -p1 -b .strunquote
215 %patch45 -p1 -b .rmwhitespaces
216 %patch46 -p1 -b .ldapsearchuidfix
217 %patch47 -p1 -b .mailfix
218 %patch48 -p1 -b .nullexception
219 %patch49 -p1 -b .closefrom-override-fix
220 %patch50 -p1 -b .unprivileged-list-fix
221 %patch51 -p1 -b .loggingperms
222 %patch52 -p1 -b .ldap-sssd-notallowedcmnd
223 %patch53 -p1 -b .sudoerslocale
224 %patch54 -p1 -b .iologracecondition
225 %patch55 -p1 -b .noexec-update
226 %patch56 -p1 -b .tty-parsing
227 %patch57 -p1 -b .CVE-2017-1000368
228 %patch58 -p1 -b .heap-buffer
229
230 %build
231 autoreconf -I m4 -fv --install
232
233 %ifarch s390 s390x sparc64
234 F_PIE=-fPIE
235 %else
236 F_PIE=-fpie
237 %endif
238
239 export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHLIB_MODE=755
240
241 %configure \
242 --prefix=%{_prefix} \
243 --sbindir=%{_sbindir} \
244 --libdir=%{_libdir} \
245 --docdir=%{_datadir}/doc/%{name}-%{version} \
246 --with-logging=syslog \
247 --with-logfac=authpriv \
248 --with-pam \
249 --with-pam-login \
250 --with-editor=/bin/vi \
251 --with-env-editor \
252 --with-ignore-dot \
253 --with-tty-tickets \
254 --with-ldap \
255 --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
256 --with-selinux \
257 --with-passprompt="[sudo] password for %p: " \
258 --with-linux-audit \
259 --with-sssd
260 # --without-kerb5 \
261 # --without-kerb4
262 make
263
264 %install
265 rm -rf $RPM_BUILD_ROOT
266
267 # Update README.LDAP (#736653)
268 sed -i 's|/etc/ldap\.conf|%{_sysconfdir}/sudo-ldap.conf|g' README.LDAP
269
270 make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
271 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
272 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
273 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
274 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
275 install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
276 install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
277
278 # Remove execute permission on this script so we don't pull in perl deps
279 chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
280
281 %find_lang sudo
282 %find_lang sudoers
283
284 cat sudo.lang sudoers.lang > sudo_all.lang
285 rm sudo.lang sudoers.lang
286
287 mkdir -p $RPM_BUILD_ROOT/etc/pam.d
288 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
289 #%PAM-1.0
290 auth include system-auth
291 account include system-auth
292 password include system-auth
293 session optional pam_keyinit.so revoke
294 session required pam_limits.so
295 EOF
296
297 cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
298 #%PAM-1.0
299 auth include sudo
300 account include sudo
301 password include sudo
302 session optional pam_keyinit.so force revoke
303 session required pam_limits.so
304 EOF
305
306 %clean
307 rm -rf $RPM_BUILD_ROOT
308
309 %files -f sudo_all.lang
310 %defattr(-,root,root)
311 %attr(0440,root,root) %config(noreplace) /etc/sudoers
312 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
313 %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo-ldap.conf
314 %attr(0750,root,root) %dir /etc/sudoers.d/
315 %config(noreplace) /etc/pam.d/sudo
316 %config(noreplace) /etc/pam.d/sudo-i
317 %dir /var/db/sudo
318 %attr(4111,root,root) %{_bindir}/sudo
319 %attr(4111,root,root) %{_bindir}/sudoedit
320 %attr(0111,root,root) %{_bindir}/sudoreplay
321 %attr(0755,root,root) %{_sbindir}/visudo
322 %attr(0755,root,root) %{_libexecdir}/sesh
323 %{_libexecdir}/sudoers.*
324 %{_libexecdir}/sudo_noexec.*
325 %{_mandir}/man5/sudoers.5*
326 %{_mandir}/man5/sudoers.ldap.5*
327 %{_mandir}/man8/sudo.8*
328 %{_mandir}/man8/sudoedit.8*
329 %{_mandir}/man8/sudoreplay.8*
330 %{_mandir}/man8/visudo.8*
331 %{_docdir}/sudo-%{version}/*
332
333
334 # Make sure permissions are ok even if we're updating
335 %post
336 /bin/chmod 0440 /etc/sudoers || :
337
338 %files devel
339 %defattr(-,root,root,-)
340 %doc plugins/sample/sample_plugin.c
341 %{_includedir}/sudo_plugin.h
342 %{_mandir}/man8/sudo_plugin.8*
343
344 %changelog
345 * Thu Feb 04 2021 Jean-Philipe Pialasse <tests@pialasse.com> 1.8.6p3-30.sme
346 - fix CVE-2021-3156 [SME: 11339]
347
348 * Wed Jun 07 2017 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-29
349 - Fixes CVE-2017-1000368
350 Resolves: rhbz#1459408
351
352 * Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-28
353 - Fixes CVE-2017-1000367
354 Resolves: rhbz#1455399
355
356 * Thu Nov 24 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-27
357 - Update noexec syscall blacklist
358 - Fixes CVE-2016-7032 and CVE-2016-7076
359 Resolves: rhbz#1391938
360
361 * Tue Oct 18 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-26
362 - RHEL-6.9 erratum
363 - Fix race condition when creating /var/log/sudo-io direcotry
364 Resolves: rhbz#1365156
365
366 * Thu Oct 06 2016 Tomas Sykora <tosykora@redhat.com> - 1.8.6p3-25
367 - RHEL-6.9 erratum
368 - Fix "sudo -l command" in the LDAP and SSS backends when the command
369 is not allowed.
370 Resolves: rhbz#1374410
371 - Fix sudo log file wrong group ownership
372 Resolves: rhbz#1330001
373 - Fix sudo parsing sudoers with user's locale
374 Resolves: rhbz#1318374
375
376 * Tue Mar 01 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-24
377 - RHEL-6.8 erratum
378 - fixed a bug causing that non-root users can list privileges of
379 other users
380 Resolves: rhbz#1312481
381
382 * Thu Feb 25 2016 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-23
383 - RHEL-6.8 erratum
384 - fixed handling of closefrom_override defaults option
385 Resolves: rhbz#1309976
386
387 * Wed Jan 20 2016 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-22
388 - RHEL-6.8 erratum
389 - fixed potential getcwd failure, resulting in Null pointer exception
390 Resolves: rhbz#1284886
391
392 * Tue Dec 15 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
393 - RHEL-6.8 erratum
394 - fixed sssd's detection of user with zero rules
395 Resolves: rhbz#1220480
396
397 * Mon Dec 14 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
398 - RHEL-6.8 erratum
399 - search also by user id when fetching rules from LDAP
400 Resolves: rhbz#1135531
401
402 * Tue Dec 8 2015 Radovan Sroka <rsroka@redhat.com> - 1.8.6p3-21
403 - RHEL-6.8 erratum
404 - fixed ldap's and sssd's sudoOption value and remove quotes
405 - fixed ldap's and sssd's sudoOption whitespaces parse problem
406 Resolves: rhbz#1144422
407 Resolves: rhbz#1279447
408
409 * Tue Dec 8 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-21
410 - RHEL-6.8 erratum
411 - removed defaults option requiretty from /etc/sudoers
412 - backported pam_service and pam_login_service defaults options
413 - implemented a new defaults option for changing netgroup processing
414 semantics
415 - fixed visudo's quiet cli option
416 Resolves: rhbz#1248695
417 Resolves: rhbz#1247231
418 Resolves: rhbz#1241896
419 Resolves: rhbz#1197885
420 Resolves: rhbz#1233205
421
422 * Wed Jul 29 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-20
423 - added patch to re-introduce old group processing behaviour
424 Resolves: rhbz#1075836
425
426 * Tue May 05 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-19
427 - RHEL-6.7 erratum
428 - modified the authlogicfix patch to fix #1144448
429 - fixed a bug in the ldapusermatchfix patch
430 Resolves: rhbz#1144448
431 Resolves: rhbz#1142122
432
433 * Thu Apr 16 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-18
434 - RHEL-6.7 erratum
435 - fixed the mantypos-ldap.patch
436 Resolves: rhbz#1138267
437
438 * Tue Mar 31 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-17
439 - RHEL-6.7 erratum
440 - added patch for CVE-2014-9680
441 - added BuildRequires for tzdata
442 Resolves: rhbz#1200253
443
444 * Wed Mar 4 2015 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-16
445 - RHEL-6.7 erratum
446 - added zlib-devel build required to enable zlib compression support
447 - fixed two typos in the sudoers.ldap man page
448 - fixed a hang when duplicate nss entries are specified in nsswitch.conf
449 - SSSD: implemented sorting of the result entries according to the
450 sudoOrder attribute
451 - LDAP: fixed logic handling the computation of the "user matched" flag
452 - fixed restoring of the SIGPIPE signal in the tgetpass function
453 - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD
454 Resolves: rhbz#1106433
455 Resolves: rhbz#1138267
456 Resolves: rhbz#1147498
457 Resolves: rhbz#1138581
458 Resolves: rhbz#1142122
459 Resolves: rhbz#1094548
460 Resolves: rhbz#1144448
461
462 * Thu Jul 31 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-15
463 - RHEL-6.6 erratum
464 - SSSD: dropped the ipahostnameshort patch, as it is not
465 needed. rhbz#1033703 is a configuration issue.
466 Related: rhbz#1033703
467
468 * Wed Jul 30 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-14
469 - RHEL-6.6 erratum
470 - SSSD: fixed netgroup filter patch
471 - SSSD: dropped serparate patch for #1006463, the fix is now part
472 of the netgroup filter patch
473 Resolves: rhbz#1006463
474 Resolves: rhbz#1083064
475
476 * Mon May 19 2014 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-13
477 - RHEL-6.6 erratum
478 - don't retry authentication when ctrl-c pressed
479 - fix double-quote processing in Defaults options
480 - fix sesh login shell argv[0]
481 - handle the "(none)" hostname correctly
482 - SSSD: fix ipa_hostname handling
483 - SSSD: fix sudoUser netgroup specification filtering
484 - SSSD: list correct user when -U <user> -l specified
485 - SSSD: show rule names on long listing (-ll)
486 Resolves: rhbz#1065415
487 Resolves: rhbz#1078338
488 Resolves: rhbz#1052940
489 Resolves: rhbz#1083064
490 Resolves: rhbz#1033703
491 Resolves: rhbz#1006447
492 Resolves: rhbz#1006463
493 Resolves: rhbz#1070952
494
495 * Mon Oct 7 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-12
496 - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776
497 Resolves: rhbz#1015355
498
499 * Thu Sep 5 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-11
500 - sssd: fixed a bug in ipa_hostname processing
501 Resolves: rhbz#853542
502
503 * Thu Aug 15 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-10
504 - sssd: fixed buffer size for the ipa_hostname value
505 Resolves: rhbz#853542
506
507 * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-9
508 - sssd: match against ipa_hostname from sssd.conf too when
509 checking sudoHost
510 Resolves: rhbz#853542
511
512 * Wed Aug 14 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-8
513 - updated man-page
514 - fixed handling of RLIMIT_NPROC resource limit
515 - fixed alias cycle detection code
516 - added debug messages for tracing of netgroup matching
517 - fixed aborting on realloc when displaying allowed commands
518 - show the SUDO_USER in logs, if running commands as root
519 - sssd: filter netgroups in the sudoUser attribute
520 Resolves: rhbz#856901
521 Resolves: rhbz#947276
522 Resolves: rhbz#886648
523 Resolves: rhbz#994563
524 Resolves: rhbz#848111
525 Resolves: rhbz#994626
526 Resolves: rhbz#973228
527 Resolves: rhbz#880150
528
529 * Wed Jan 23 2013 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-7
530 - fixed potential stack overflow in visudo
531 Resolves: rhbz#903020
532
533 * Thu Nov 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-6
534 - added patches to address a number of issues in ldap & sssd plugins
535 - fixed README.LDAP updating in the spec file
536 Resolves: rhbz#860397
537 Resolves: rhbz#876208
538 Resolves: rhbz#876578
539 Resolves: rhbz#879675
540 Resolves: rhbz#879633
541
542 * Wed Nov 07 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-5
543 - Include just one sample plugin in the documentation for the -devel
544 subpackage. Don't include architecture specific files.
545 - patch: Do not inform the user that the command was not permitted by
546 the policy if they do not successfully authenticate.
547 Resolves: rhbz#759480
548 Resolves: rhbz#871303
549 Resolves: rhbz#872740
550
551 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-4
552 - removed %doc since sudo installs the files anyway
553 Resolves: rhbz#759480
554
555 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-3
556 - added SHLIB_MODE=755 to get striping to work again
557 Resolves: rhbz#759480
558
559 * Wed Sep 26 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-2
560 - extended the default sudo-ldap.conf file
561 - corrected default file permissions on sudo.conf, sudo-ldap.conf
562 - added patch that introduces the cmnd_no_wait Defaults option
563 Resolves: rhbz#840980 - sudo creates a new parent process
564 Resolves: rhbz#860397 - new /etc/sudo-ldap.conf configuration file problems
565
566 * Mon Sep 24 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.8.6p3-1
567 - rebase to 1.8.6p3
568 - new -devel subpackage
569 - new configuration file: /etc/sudo.conf
570 Resolves: rhbz#852045 - ulimit -c got Operation not permitted
571 Resolves: rhbz#804123 - sudo does not call pam_close_session() or pam_end()
572 Resolves: rhbz#828707 - sudo fails to report error correctly when execv(3) fails
573 Resolves: rhbz#844691 - Cannot set RLIMIT_NPROC to unlimited via pam_limits when running sudo
574 Resolves: rhbz#759480 - Rebase sudo to 1.8 in RHEL 6.4
575 Resolves: rhbz#846117 - Sudo interpretation of wildcard command arguments is more lenient providing a security risk
576 Resolves: rhbz#789937 - [RFE] Add ability to treat files authoritatively in sudoers.ldap
577 Resolves: rhbz#836242 - sudo -s -u USERNAME can't change ulimit -c
578
579 * Tue Jul 17 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-13
580 - fixed job control
581 Resolves: rhbz#823993
582
583 * Fri Jun 29 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-12
584 - added patch for CVE-2012-2337
585 Resolves: rhbz#829757
586
587 * Wed May 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-11
588 - use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK (#821976)
589 Resolves: rhbz#821976
590
591 * Fri May 04 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10.1
592 - backported ldap code modifications that fix an issue with tls_checkpeer (#810372)
593 Resolves: rhbz#810372
594
595 * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-10
596 - fixed bug in Runas_Spec group matching (#810147)
597 - disable `sudo -l' output word wrapping if the output
598 is piped (#810326)
599 - fixed `sudo -i' command escaping (#806095)
600 Resolves: rhbz#806095
601 Resolves: rhbz#810147
602 Resolves: rhbz#810326
603
604 * Mon Apr 16 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-9
605 - fixed uninitialized value warning introduced with the sudoedit-selinux patch
606 Resolves: rhbz#806386
607
608 * Thu Mar 01 2012 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-8
609 - created a separate ldap configuration file, sudo-ldap.conf
610 - visudo: mark unused aliases as warnings, not errors
611 - backported signal handling from 1.7.5
612 - don't disable coredumping from the code, rely on /proc/sys/fs/suid_dumpable
613 - use correct SELinux context when editing files with sudoedit
614 - fixed visudo syntax checks
615 - fixed typos and inconsistencies in documentation
616 - switched to an updated -getgrouplist patch to fix sudo -l -U <user> behavior
617 Resolves: rhbz#760843
618 Resolves: rhbz#736030
619 Resolves: rhbz#697775
620 Resolves: rhbz#726634
621 Resolves: rhbz#708515
622 Resolves: rhbz#736653
623 Resolves: rhbz#667120
624 Resolves: rhbz#769701
625 Resolves: rhbz#751680
626 Resolves: rhbz#604297
627 Resolves: rhbz#797511
628
629 * Thu Jul 21 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-7
630 - set ldap configuration file to nslcd.conf
631 Resolves: rhbz#709235
632
633 * Thu Jul 14 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-6
634 - removed the --with-ldap-*conf options
635 - added RELRO flags
636 Resolves: rhbz#709235
637 Resolves: rhbz#709859
638
639 * Tue Apr 19 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-5
640 - patch: log failed user role changes
641 Resolves: rhbz#665131
642
643 * Wed Mar 23 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-4
644 - added #includedir /etc/sudoers.d to sudoers
645 Resolves: rhbz#615087
646
647 * Tue Mar 22 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-3
648 - added !visiblepw option to sudoers
649 Resolves: rhbz#688640
650
651 * Fri Feb 4 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-2
652 - added patch for rhbz#665131
653 Resolves: rhbz#665131
654
655 * Thu Jan 13 2011 Daniel Kopecek <dkopecek@redhat.com> - 1.7.4p5-1
656 - rebase to latest stable version
657 - sudo now uses /var/db/sudo for timestamps
658 - new command available: sudoreplay
659 - use native audit support
660 - sync configuration paths with the nss_ldap package
661 Resolves: rhbz#615087
662 Resolves: rhbz#652726
663 Resolves: rhbz#634159
664 Resolves: rhbz#603823
665
666 * Wed Sep 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-9
667 - added patch for CVE-2010-2956 (#628628)
668 Resolves: rhbz#629054
669
670 * Tue Aug 03 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-8
671 - sudoers change: always set $HOME to the target user home directory
672 Resolves: rhbz#619293
673
674 * Thu Jul 15 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-7
675 - move the sudo_end* calls before closefrom()
676 - close audit_fd before exec
677 - fixed typo in Makefile.in
678 Resolves: rhbz#569313
679
680 * Tue Jun 8 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-6
681 - fixed segfault when #include directive is used in cycles
682 Resolves: rhbz#598363
683
684 * Tue Jun 1 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-5
685 - added patch that fixes insufficient environment sanitization issue (#598154)
686 Resolves: rhbz#598383
687
688 * Tue Apr 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-4
689 - added second patch for CVE-2010-0426 (#580441)
690 Resolves: rhbz#580527
691
692 * Wed Feb 24 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
693 - added patch for CVE-2010-0426 (#567337)
694 Resolves: rhbz#567675
695
696 * Wed Jan 27 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-2
697 - changed the License: value to ISC
698 Related: rhbz#543948
699
700 * Wed Jan 13 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-1
701 - new upstream version
702 Resolves: rhbz#554321
703 - drop *.pod man page duplicates from docs
704 - commented out unused aliases in sudoers to make visudo happy (#550239)
705
706 * Tue Jan 12 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.1-8
707 - Rebuild for new libaudit
708 Related: rhbz#543948
709
710 * Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1.7.1-7
711 - rebuilt with new audit
712
713 * Thu Aug 20 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-6
714 - moved secure_path from compile-time option to sudoers file (#517428)
715
716 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.1-5
717 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
718
719 * Thu Jul 09 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-4
720 - moved the closefrom() call before audit_help_open() (sudo-1.7.1-auditfix.patch)
721 - epoch number sync
722
723 * Mon Jun 22 2009 Daniel Kopecek <dkopecek@redhat.com> 1.7.1-1
724 - updated sudo to version 1.7.1
725 - fixed small bug in configure.in (sudo-1.7.1-conffix.patch)
726
727 * Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-6
728 - fixed building with new libtool
729 - fix for incorrect handling of groups in Runas_User
730 - added /usr/local/sbin to secure-path
731
732 * Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
733 - build with sendmail installed
734 - Added /usr/local/bin to secure-path
735
736 * Tue Sep 02 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-2
737 - adjust audit patch, do not scream when kernel is
738 compiled without audit netlink support (#401201)
739
740 * Fri Jul 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p17-1
741 - upgrade
742
743 * Wed Jun 18 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-7
744 - build with newer autoconf-2.62 (#449614)
745
746 * Tue May 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-6
747 - compiled with secure path (#80215)
748
749 * Mon May 05 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-5
750 - fix path to updatedb in /etc/sudoers (#445103)
751
752 * Mon Mar 31 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-4
753 - include ldap files in rpm package (#439506)
754
755 * Thu Mar 13 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-3
756 - include [sudo] in password prompt (#437092)
757
758 * Tue Mar 04 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-2
759 - audit support improvement
760
761 * Thu Feb 21 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p13-1
762 - upgrade to the latest upstream release
763
764 * Wed Feb 06 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p12-1
765 - upgrade to the latest upstream release
766 - add selinux support
767
768 * Mon Feb 02 2008 Dennis Gilmore <dennis@ausil.us> 1.6.9p4-6
769 - sparc64 needs to be in the -fPIE list with s390
770
771 * Mon Jan 07 2008 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-5
772 - fix complains about audit_log_user_command(): Connection
773 refused (#401201)
774
775 * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-4
776 - Rebuild for deps
777
778 * Wed Dec 05 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.6.9p4-3
779 - Rebuild for openssl bump
780
781 * Thu Aug 30 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-2
782 - fix autotools stuff and add audit support
783
784 * Mon Aug 20 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.9p4-1
785 - upgrade to upstream release
786
787 * Thu Apr 12 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-14
788 - also use getgrouplist() to determine group membership (#235915)
789
790 * Mon Feb 26 2007 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-13
791 - fix some spec file issues
792
793 * Thu Dec 14 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-12
794 - fix rpmlint issue
795
796 * Thu Oct 26 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-11
797 - fix typo in sudoers file (#212308)
798
799 * Sun Oct 01 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-10
800 - rebuilt for unwind info generation, broken in gcc-4.1.1-21
801
802 * Thu Sep 21 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-9
803 - fix sudoers file, X apps didn't work (#206320)
804
805 * Tue Aug 08 2006 Peter Vrabec <pvrabec@redhat.com> 1.6.8p12-8
806 - use Red Hat specific default sudoers file
807
808 * Sun Jul 16 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-7
809 - fix #198755 - make login processes (sudo -i) initialise session keyring
810 (thanks for PAM config files to David Howells)
811 - add IPv6 support (patch by Milan Zazrivec)
812
813 * Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-6.1
814 - rebuild
815
816 * Mon May 29 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-6
817 - fix #190062 - "ssh localhost sudo su" will show the password in clear
818
819 * Tue May 23 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-5
820 - add LDAP support (#170848)
821
822 * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-4.1
823 - bump again for double-long bug on ppc(64)
824
825 * Wed Feb 8 2006 Karel Zak <kzak@redhat.com> 1.6.8p12-4
826 - reset env. by default
827
828 * Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 1.6.8p12-3.1
829 - rebuilt for new gcc4.1 snapshot and glibc changes
830
831 * Mon Jan 23 2006 Dan Walsh <dwalsh@redhat.com> 1.6.8p12-3
832 - Remove selinux patch. It has been decided that the SELinux patch for sudo is
833 - no longer necessary. In tageted policy it had no effect. In strict/MLS policy
834 - We require the person using sudo to execute newrole before using sudo.
835
836 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
837 - rebuilt
838
839 * Fri Nov 25 2005 Karel Zak <kzak@redhat.com> 1.6.8p12-1
840 - new upstream version 1.6.8p12
841
842 * Tue Nov 8 2005 Karel Zak <kzak@redhat.com> 1.6.8p11-1
843 - new upstream version 1.6.8p11
844
845 * Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 1.6.8p9-6
846 - use include instead of pam_stack in pam config
847
848 * Tue Oct 11 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-5
849 - enable interfaces in selinux patch
850 - merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
851
852 * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-4
853 - fix debuginfo
854
855 * Mon Sep 19 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-3
856 - fix #162623 - sesh hangs when child suspends
857
858 * Mon Aug 1 2005 Dan Walsh <dwalsh@redhat.com> 1.6.8p9-2
859 - Add back in interfaces call, SELinux has been fixed to work around
860
861 * Tue Jun 21 2005 Karel Zak <kzak@redhat.com> 1.6.8p9-1
862 - new version 1.6.8p9 (resolve #161116 - CAN-2005-1993 sudo trusted user arbitrary command execution)
863
864 * Tue May 24 2005 Karel Zak <kzak@redhat.com> 1.6.8p8-2
865 - fix #154511 - sudo does not use limits.conf
866
867 * Mon Apr 4 2005 Thomas Woerner <twoerner@redhat.com> 1.6.8p8-1
868 - new version 1.6.8p8: new sudoedit and sudo_noexec
869
870 * Wed Feb 9 2005 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-31
871 - rebuild
872
873 * Mon Oct 4 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-30.1
874 - added missing BuildRequires for libselinux-devel (#132883)
875
876 * Wed Sep 29 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-30
877 - Fix missing param error in sesh
878
879 * Mon Sep 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-29
880 - Remove full patch check from sesh
881
882 * Thu Jul 8 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-28
883 - Fix selinux patch to switch to root user
884
885 * Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
886 - rebuilt
887
888 * Tue Apr 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-26
889 - Eliminate tty handling from selinux
890
891 * Thu Apr 1 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-25
892 - fixed spec file: sesh in file section with selinux flag (#119682)
893
894 * Thu Mar 30 2004 Colin Walters <walters@redhat.com> 1.6.7p5-24
895 - Enhance sesh.c to fork/exec children itself, to avoid
896 having sudo reap all domains.
897 - Only reinstall default signal handlers immediately before
898 exec of child with SELinux patch
899
900 * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-23
901 - change to default to sysadm_r
902 - Fix tty handling
903
904 * Thu Mar 18 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-22
905 - Add /bin/sesh to run selinux code.
906 - replace /bin/bash -c with /bin/sesh
907
908 * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-21
909 - Hard code to use "/bin/bash -c" for selinux
910
911 * Tue Mar 16 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-20
912 - Eliminate closing and reopening of terminals, to match su.
913
914 * Mon Mar 15 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-19
915 - SELinux fixes to make transitions work properly
916
917 * Fri Mar 5 2004 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-18
918 - pied sudo
919
920 * Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
921 - rebuilt
922
923 * Tue Jan 27 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-16
924 - Eliminate interfaces call, since this requires big SELinux privs
925 - and it seems to be useless.
926
927 * Tue Jan 27 2004 Karsten Hopp <karsten@redhat.de> 1.6.7p5-15
928 - visudo requires vim-minimal or setting EDITOR to something useful (#68605)
929
930 * Mon Jan 26 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-14
931 - Fix is_selinux_enabled call
932
933 * Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-13
934 - Clean up patch on failure
935
936 * Tue Jan 6 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-12
937 - Remove sudo.te for now.
938
939 * Fri Jan 2 2004 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-11
940 - Fix usage message
941
942 * Mon Dec 22 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-10
943 - Clean up sudo.te to not blow up if pam.te not present
944
945 * Thu Dec 18 2003 Thomas Woerner <twoerner@redhat.com>
946 - added missing BuildRequires for groff
947
948 * Tue Dec 16 2003 Jeremy Katz <katzj@redhat.com> 1.6.7p5-9
949 - remove left-over debugging code
950
951 * Tue Dec 16 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-8
952 - Fix terminal handling that caused Sudo to exit on non selinux machines.
953
954 * Mon Dec 15 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-7
955 - Remove sudo_var_run_t which is now pam_var_run_t
956
957 * Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-6
958 - Fix terminal handling and policy
959
960 * Thu Dec 11 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-5
961 - Fix policy
962
963 * Thu Nov 13 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-4.sel
964 - Turn on SELinux support
965
966 * Tue Jul 29 2003 Dan Walsh <dwalsh@redhat.com> 1.6.7p5-3
967 - Add support for SELinux
968
969 * Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
970 - rebuilt
971
972 * Mon May 19 2003 Thomas Woerner <twoerner@redhat.com> 1.6.7p5-1
973
974 * Wed Jan 22 2003 Tim Powers <timp@redhat.com>
975 - rebuilt
976
977 * Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 1.6.6-2
978 - remove absolute path names from the PAM configuration, ensuring that the
979 right modules get used for whichever arch we're built for
980 - don't try to install the FAQ, which isn't there any more
981
982 * Thu Jun 27 2002 Bill Nottingham <notting@redhat.com> 1.6.6-1
983 - update to 1.6.6
984
985 * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
986 - automated rebuild
987
988 * Thu May 23 2002 Tim Powers <timp@redhat.com>
989 - automated rebuild
990
991 * Thu Apr 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-2
992 - Fix bug #63768
993
994 * Thu Mar 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p2-1
995 - 1.6.5p2
996
997 * Fri Jan 18 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5p1-1
998 - 1.6.5p1
999 - Hope this "a new release per day" madness stops ;)
1000
1001 * Thu Jan 17 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.5-1
1002 - 1.6.5
1003
1004 * Tue Jan 15 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4p1-1
1005 - 1.6.4p1
1006
1007 * Mon Jan 14 2002 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.4-1
1008 - Update to 1.6.4
1009
1010 * Mon Jul 23 2001 Bernhard Rosenkraenzer <bero@redhat.com> 1.6.3p7-2
1011 - Add build requirements (#49706)
1012 - s/Copyright/License/
1013 - bzip2 source
1014
1015 * Sat Jun 16 2001 Than Ngo <than@redhat.com>
1016 - update to 1.6.3p7
1017 - use %%{_tmppath}
1018
1019 * Fri Feb 23 2001 Bernhard Rosenkraenzer <bero@redhat.com>
1020 - 1.6.3p6, fixes buffer overrun
1021
1022 * Tue Oct 10 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1023 - 1.6.3p5
1024
1025 * Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
1026 - automatic rebuild
1027
1028 * Tue Jun 06 2000 Karsten Hopp <karsten@redhat.de>
1029 - fixed owner of sudo and visudo
1030
1031 * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
1032 - modify PAM setup to use system-auth
1033 - clean up buildrooting by using the makeinstall macro
1034
1035 * Tue Apr 11 2000 Bernhard Rosenkraenzer <bero@redhat.com>
1036 - initial build in main distrib
1037 - update to 1.6.3
1038 - deal with compressed man pages
1039
1040 * Tue Dec 14 1999 Preston Brown <pbrown@redhat.com>
1041 - updated to 1.6.1 for Powertools 6.2
1042 - config files are now noreplace.
1043
1044 * Thu Jul 22 1999 Tim Powers <timp@redhat.com>
1045 - updated to 1.5.9p2 for Powertools 6.1
1046
1047 * Wed May 12 1999 Bill Nottingham <notting@redhat.com>
1048 - sudo is configured with pam. There's no pam.d file. Oops.
1049
1050 * Mon Apr 26 1999 Preston Brown <pbrown@redhat.com>
1051 - upgraded to 1.59p1 for powertools 6.0
1052
1053 * Tue Oct 27 1998 Preston Brown <pbrown@redhat.com>
1054 - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed)
1055
1056 * Fri Oct 08 1998 Michael Maher <mike@redhat.com>
1057 - built package for 5.2
1058
1059 * Mon May 18 1998 Michael Maher <mike@redhat.com>
1060 - updated SPEC file
1061
1062 * Thu Jan 29 1998 Otto Hammersmith <otto@redhat.com>
1063 - updated to 1.5.4
1064
1065 * Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
1066 - built for glibc, no problems
1067
1068 * Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
1069 - Fixed for 4.2 PowerTools
1070 - Still need to be pamified
1071 - Still need to move stmp file to /var/log
1072
1073 * Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
1074 - First version for PowerCD.
1075

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed