213 lines
6.8 KiB
RPMSpec
213 lines
6.8 KiB
RPMSpec
Name: sudo
|
|
Version: 1.9.8p2
|
|
Release: 6
|
|
Summary: Allows restricted root access for specified users
|
|
License: ISC
|
|
URL: http://www.courtesan.com/sudo/
|
|
|
|
Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
|
|
Source1: sudoers
|
|
Source2: sudo
|
|
Source3: sudo-i
|
|
|
|
Patch0: backport-0001-CVE-2022-37434.patch
|
|
Patch1: backport-0002-CVE-2022-37434.patch
|
|
Patch2: backport-CVE-2022-33070.patch
|
|
Patch3: backport-Fix-CVE-2022-43995-potential-heap-overflow-for-passwords.patch
|
|
Patch4: backport-Fix-incorrect-SHA384-512-digest-calculation.patch
|
|
Patch5: backport-sudo_passwd_verify-zero-out-des_pass-before-returnin.patch
|
|
Patch6: backport-Fix-issue-protobuf-c-499-unsigned-integer-overflow.patch
|
|
Patch7: backport-Fix-regression-with-zero-length-messages-introduced-.patch
|
|
Patch8: backport-Fix-typo-we-should-define-SSIZE_MAX-if-it-is-not-def.patch
|
|
Patch9: backport-Fix-a-clang-analyzer-14-warning-about-a-possible-NUL.patch
|
|
Patch10: backport-Fix-potential-signed-integer-overflow-on-32-bit-CPUs.patch
|
|
Patch11: backport-sudo_ldap_parse_options-fix-memory-leak-of-sudoRole-.patch
|
|
|
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
Requires: pam
|
|
Recommends: vim-minimal
|
|
Requires(post): coreutils
|
|
|
|
BuildRequires: pam-devel groff openldap-devel flex bison automake autoconf libtool
|
|
BuildRequires: audit-libs-devel libcap-devel libselinux-devel sendmail gettext zlib-devel
|
|
BuildRequires: chrpath
|
|
|
|
%description
|
|
Sudo is a program designed to allow a sysadmin to give limited root privileges
|
|
to users and log root activity. The basic philosophy is to give as few
|
|
privileges as possible but still allow people to get their work done.
|
|
|
|
%package devel
|
|
Summary: Development files for %{name}
|
|
Requires: %{name} = %{version}-%{release}
|
|
|
|
%description devel
|
|
The %{name}-devel package contains header files developing sudo
|
|
plugins that use %{name}.
|
|
|
|
%package_help
|
|
|
|
%prep
|
|
%autosetup -n %{name}-%{version} -p1
|
|
|
|
%build
|
|
autoreconf -I m4 -fv --install
|
|
export CFLAGS="$RPM_OPT_FLAGS -fpie" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|
%configure \
|
|
--prefix=%{_prefix} \
|
|
--sbindir=%{_sbindir} \
|
|
--libdir=%{_libdir} \
|
|
--docdir=%{_pkgdocdir} \
|
|
--disable-root-mailer \
|
|
--disable-intercept \
|
|
--disable-log-server \
|
|
--disable-log-client \
|
|
--with-logging=syslog \
|
|
--with-logfac=authpriv \
|
|
--with-pam \
|
|
--with-pam-login \
|
|
--with-editor=/bin/vi \
|
|
--with-env-editor \
|
|
--with-ignore-dot \
|
|
--with-tty-tickets \
|
|
--with-ldap \
|
|
--with-selinux \
|
|
--with-passprompt="[sudo] password for %p: " \
|
|
--with-linux-audit \
|
|
--with-sssd
|
|
|
|
%make_build
|
|
|
|
%check
|
|
make check
|
|
|
|
%install
|
|
rm -rf $RPM_BUILD_ROOT
|
|
%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
|
|
|
|
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
|
|
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
|
|
install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
|
|
install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
|
|
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
|
|
install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
|
|
|
|
touch sudo.conf
|
|
echo sudo > sudo.conf
|
|
install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
|
|
rm -f sudo.conf
|
|
|
|
chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so
|
|
|
|
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
|
|
rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
|
|
|
|
%delete_la
|
|
|
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
|
|
|
|
%chrpath_delete
|
|
mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
|
|
echo "/usr/libexec/sudo" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
|
|
|
|
%find_lang sudo
|
|
%find_lang sudoers
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/pam.d
|
|
install -p -c -m 0644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sudo
|
|
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sudo-i
|
|
|
|
%post
|
|
/bin/chmod 0440 /etc/sudoers || :
|
|
/sbin/ldconfig || :
|
|
|
|
%postun -p /sbin/ldconfig
|
|
|
|
%files -f sudo.lang -f sudoers.lang
|
|
%attr(0440,root,root) %config(noreplace) /etc/sudoers
|
|
%attr(0750,root,root) %dir /etc/sudoers.d/
|
|
%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
|
|
%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
|
|
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
|
|
%attr(4111,root,root) %{_bindir}/sudo
|
|
%attr(0111,root,root) %{_bindir}/sudoreplay
|
|
%{_bindir}/sudoedit
|
|
%{_bindir}/cvtsudoers
|
|
%attr(0755,root,root) %{_sbindir}/visudo
|
|
%attr(0755,root,root) %{_libexecdir}/sudo/sesh
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
|
|
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so*
|
|
%dir /var/db/sudo
|
|
%dir /var/db/sudo/lectured
|
|
%dir %{_libexecdir}/sudo
|
|
%config(noreplace) /etc/pam.d/sudo
|
|
%config(noreplace) /etc/pam.d/sudo-i
|
|
%config(noreplace) /etc/ld.so.conf.d/*
|
|
%license doc/LICENSE
|
|
|
|
%files devel
|
|
%{_includedir}/sudo_plugin.h
|
|
|
|
%files help
|
|
%dir %{_pkgdocdir}/
|
|
%{_mandir}/man5/*
|
|
%{_mandir}/man8/*
|
|
%{_mandir}/man1/*
|
|
%{_pkgdocdir}/*
|
|
%doc plugins/sample/sample_plugin.c
|
|
%exclude %{_pkgdocdir}/ChangeLog
|
|
|
|
%changelog
|
|
* Fri Nov 25 2022 wangyu <wangyu283@huawei.com> - 1.9.8p2-6
|
|
- Backport patches from upstream community
|
|
|
|
* Wed Nov 23 2022 wangyu <wangyu283@huawei.com> - 1.9.8p2-5
|
|
- Backport patches from upstream community
|
|
|
|
* Sat Nov 5 2022 wangyu <wangyu283@huawei.com> - 1.9.8p2-4
|
|
- Fix CVE-2022-43995
|
|
|
|
* Fri Sep 2 2022 wangyu <wangyu283@huawei.com> - 1.9.8p2-2
|
|
- Fix CVE-2022-37434 and CVE-2022-33070
|
|
|
|
* Tue Feb 15 2022 panxiaohe <panxh.life@foxmail.com> - 1.9.8p2-1
|
|
- Update to 1.9.8p2
|
|
|
|
* Thu Sep 16 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.9.5p2-3
|
|
- DESC: treat stack exhaustion like memory allocation failure
|
|
|
|
* Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 1.9.5p2-2
|
|
- DESC: delete -S git from %autosetup, and delete BuildRequires git
|
|
|
|
* Wed Jul 7 2021 panxiaohe <panxiaohe@huawei.com> - 1.9.5p2-1
|
|
- Update to 1.9.5p2
|
|
|
|
* Fri Jan 29 2021 zoulin <zoulin13@huawei.com> - 1.9.2-3
|
|
- Fix runstatedir handling for distros that do not support it
|
|
|
|
* Wed Jan 27 2021 panxiaohe <panxiaohe@huawei.com> - 1.9.2-2
|
|
- fix CVE-2021-23239 CVE-2021-23240 CVE-2021-3156
|
|
|
|
* Wed Jul 29 2020 zhangxingliang <zhangxingliang3@huawei.com> - 1.9.2-1
|
|
- update to 1.9.2
|
|
|
|
* Fri Apr 17 2020 Anakin Zhang <nbztx@126.com> - 1.8.27-5
|
|
- Read drop-in files from /etc/sudoers.d
|
|
|
|
* Mon Jan 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-4
|
|
- fix CVE-2019-19232 and CVE-2019-19234
|
|
|
|
* Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-3
|
|
- clean code
|
|
|
|
* Mon Dec 16 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-2
|
|
- Fix CVE-2019-14287
|
|
|
|
* Tue Aug 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.8.27-1
|
|
- Package init
|