Name: sudo
Version: 1.8.27
Release: 4
Summary: Allows restricted root access for specified users
License: ISC
URL: http://www.courtesan.com/sudo/

Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
Source1: sudoers
Source2: sudo
Source3: sudo-i

Patch6000: sudo_minus_1_uid.patch
Patch6001: strtoid_minus_1_test_fix.patch
Patch6002: Fix-CVE-2019-19232-control-matching-of-unknown-IDs.patch
Patch6003: Fix-CVE-2019-19234-add-runas_check_shell-flag.patch

Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam
Recommends: vim-minimal
Requires(post): coreutils

BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool
BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel
BuildRequires: chrpath git

%description
Sudo is a program designed to allow a sysadmin to give limited root privileges
to users and log root activity.  The basic philosophy is to give as few
privileges as possible but still allow people to get their work done.

%package        devel
Summary:        Development files for %{name}
Requires:       %{name} = %{version}-%{release}

%description    devel
The %{name}-devel package contains header files developing sudo
plugins that use %{name}.

%package_help

%prep
%autosetup -n %{name}-%{version} -S git

%build
autoreconf -I m4 -fv --install
export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%configure \
        --prefix=%{_prefix} \
        --sbindir=%{_sbindir} \
        --libdir=%{_libdir} \
        --docdir=%{_pkgdocdir} \
        --disable-root-mailer \
        --with-logging=syslog \
        --with-logfac=authpriv \
        --with-pam \
        --with-pam-login \
        --with-editor=/bin/vi \
        --with-env-editor \
        --with-ignore-dot \
        --with-tty-tickets \
        --with-ldap \
        --with-selinux \
        --with-passprompt="[sudo] password for %p: " \
        --with-linux-audit \
        --with-sssd

%make_build

%check
make check

%install
rm -rf $RPM_BUILD_ROOT
%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`

chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* 
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/

touch sudo.conf
echo sudo > sudo.conf
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
rm -f sudo.conf

chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so

rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo

%delete_la

rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist

%chrpath_delete
mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
echo "/usr/libexec/sudo" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf

%find_lang sudo
%find_lang sudoers

mkdir -p $RPM_BUILD_ROOT/etc/pam.d
install -p -c -m 0644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sudo
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i

%post
/bin/chmod 0440 /etc/sudoers || :
/sbin/ldconfig || :

%postun -p /sbin/ldconfig

%files -f sudo.lang -f sudoers.lang
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0750,root,root) %dir /etc/sudoers.d/
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
%attr(0644,root,root) /etc/dnf/protected.d/sudo.conf
%attr(4111,root,root) %{_bindir}/sudo
%attr(0111,root,root) %{_bindir}/sudoreplay
%{_bindir}/sudoedit
%{_bindir}/cvtsudoers
%attr(0755,root,root) %{_sbindir}/visudo
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so*
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%dir %{_libexecdir}/sudo
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%config(noreplace) /etc/ld.so.conf.d/*
%license doc/LICENSE

%files devel
%{_includedir}/sudo_plugin.h

%files help
%dir %{_pkgdocdir}/
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_mandir}/man1/*
%{_pkgdocdir}/*
%doc plugins/sample/sample_plugin.c
%exclude %{_pkgdocdir}/ChangeLog

%changelog
* Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-4
- fix CVE-2019-19232 and CVE-2019-19234

* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-3
- clean code

* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-2
- Fix CVE-2019-14287

* Tue Aug 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-1
- Package init