rpms/sudo/devel sudo-1.6.9p4-getgrouplist.patch, NONE, 1.1 sudo-1.6.9p4-login.patch, NONE, 1.1 .cvsignore, 1.14, 1.15 sources, 1.16, 1.17 sudo.spec, 1.50, 1.51 sudo-1.6.8p12-env-reset.patch, 1.1, NONE sudo-1.6.8p12-getgrouplist.patch, 1.1, NONE sudo-1.6.8p12-ipv6.patch, 1.1, NONE sudo-1.6.8p12-pam-login.patch, 1.1, NONE sudo-1.6.8p12-requiretty.patch, 1.2, NONE sudo-1.6.8p8-pam-sess.patch, 1.1, NONE
Peter Vrabec (pvrabec)
fedora-extras-commits at redhat.com
Mon Aug 20 12:11:58 UTC 2007
Author: pvrabec
Update of /cvs/extras/rpms/sudo/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29964
Modified Files:
.cvsignore sources sudo.spec
Added Files:
sudo-1.6.9p4-getgrouplist.patch sudo-1.6.9p4-login.patch
Removed Files:
sudo-1.6.8p12-env-reset.patch sudo-1.6.8p12-getgrouplist.patch
sudo-1.6.8p12-ipv6.patch sudo-1.6.8p12-pam-login.patch
sudo-1.6.8p12-requiretty.patch sudo-1.6.8p8-pam-sess.patch
Log Message:
- upgrade to upstream release
sudo-1.6.9p4-getgrouplist.patch:
--- NEW FILE sudo-1.6.9p4-getgrouplist.patch ---
--- sudo-1.6.9p4/configure.in.getgrouplist 2007-08-20 11:41:32.000000000 +0200
+++ sudo-1.6.9p4/configure.in 2007-08-20 13:24:30.000000000 +0200
@@ -1677,7 +1677,7 @@
dnl
AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
- setlocale getaddrinfo)
+ setlocale getaddrinfo getgrouplist)
if test -z "$SKIP_SETRESUID"; then
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
--- sudo-1.6.9p4/configure.getgrouplist 2007-08-15 15:23:44.000000000 +0200
+++ sudo-1.6.9p4/configure 2007-08-20 13:26:25.000000000 +0200
@@ -14235,7 +14235,7 @@
for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
strftime setrlimit initgroups getgroups fstat gettimeofday \
- setlocale getaddrinfo
+ setlocale getaddrinfo getgrouplist
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
--- sudo-1.6.9p4/check.c.getgrouplist 2007-07-06 21:52:13.000000000 +0200
+++ sudo-1.6.9p4/check.c 2007-08-20 13:21:10.000000000 +0200
@@ -308,6 +308,24 @@
return(TRUE);
}
+#ifdef HAVE_GETGROUPLIST
+ {
+ gid_t *grouplist, grouptmp;
+ int n_groups, i;
+ n_groups = 1;
+ if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
+ grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
+ if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
+ for (i = 0; i < n_groups; i++)
+ if (grouplist[i] == grp->gr_gid) {
+ free(grouplist);
+ return(TRUE);
+ }
+ free(grouplist);
+ }
+ }
+#endif
+
return(FALSE);
}
--- sudo-1.6.9p4/config.h.in.getgrouplist 2007-08-20 11:41:32.000000000 +0200
+++ sudo-1.6.9p4/config.h.in 2007-08-20 13:21:10.000000000 +0200
@@ -140,6 +140,9 @@
/* Define to 1 if you have the `getgroups' function. */
#undef HAVE_GETGROUPS
+/* Define to 1 if you have the `getgrouplist' function. */
+#undef HAVE_GETGROUPLIST
+
/* Define to 1 if you have the `getifaddrs' function. */
#undef HAVE_GETIFADDRS
sudo-1.6.9p4-login.patch:
--- NEW FILE sudo-1.6.9p4-login.patch ---
--- sudo-1.6.9p4/auth/pam.c.login 2007-07-22 14:14:53.000000000 +0200
+++ sudo-1.6.9p4/auth/pam.c 2007-08-20 11:08:33.000000000 +0200
@@ -89,7 +89,12 @@
if (auth != NULL)
auth->data = (VOID *) &pam_status;
pam_conv.conv = sudo_conv;
- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+#ifdef HAVE_PAM_LOGIN
+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
+ else
+#endif
+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
if (pam_status != PAM_SUCCESS) {
log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
return(AUTH_FATAL);
--- sudo-1.6.9p4/config.h.in.login 2007-08-15 15:22:19.000000000 +0200
+++ sudo-1.6.9p4/config.h.in 2007-08-20 11:08:34.000000000 +0200
@@ -266,6 +266,9 @@
/* Define to 1 if you use PAM authentication. */
#undef HAVE_PAM
+/* Define to 1 if you use specific PAM session for sodo -i. */
+#undef HAVE_PAM_LOGIN
+
/* Define to 1 if you have the <pam/pam_appl.h> header file. */
#undef HAVE_PAM_PAM_APPL_H
--- sudo-1.6.9p4/env.c.login 2007-07-31 20:04:31.000000000 +0200
+++ sudo-1.6.9p4/env.c 2007-08-20 11:24:48.000000000 +0200
@@ -104,7 +104,7 @@
/*
* Prototypes
*/
-char **rebuild_env __P((char **, int, int));
+char **rebuild_env __P((char **, int));
static void insert_env __P((char *, struct environment *, int));
static char *format_env __P((char *, ...));
@@ -391,9 +391,8 @@
* Also adds sudo-specific variables (SUDO_*).
*/
char **
-rebuild_env(envp, sudo_mode, noexec)
+rebuild_env(envp, noexec)
char **envp;
- int sudo_mode;
int noexec;
{
char **ep, *cp, *ps1;
--- sudo-1.6.9p4/configure.in.login 2007-08-15 15:48:51.000000000 +0200
+++ sudo-1.6.9p4/configure.in 2007-08-20 11:08:33.000000000 +0200
@@ -351,6 +351,17 @@
;;
esac])
+AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i],
+[case $with_pam_login in
+ yes) AC_DEFINE(HAVE_PAM_LOGIN)
+ AC_MSG_CHECKING(whether to use PAM login)
+ AC_MSG_RESULT(yes)
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
+ ;;
+esac])
+
AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
[case $with_AFS in
yes) AC_DEFINE(HAVE_AFS)
--- sudo-1.6.9p4/sudo.h.login 2007-07-06 16:14:34.000000000 +0200
+++ sudo-1.6.9p4/sudo.h 2007-08-20 11:33:45.000000000 +0200
@@ -268,6 +268,7 @@
extern FILE *sudoers_fp;
extern int tgetpass_flags;
extern uid_t timestamp_uid;
+extern int sudo_mode;
#endif
#ifndef errno
extern int errno;
--- sudo-1.6.9p4/sudo.c.login 2007-08-15 15:48:56.000000000 +0200
+++ sudo-1.6.9p4/sudo.c 2007-08-20 11:34:07.000000000 +0200
@@ -122,7 +122,7 @@
static struct passwd *get_authpw __P((void));
extern int sudo_edit __P((int, char **, char **));
extern void list_matches __P((void));
-extern char **rebuild_env __P((char **, int, int));
+extern char **rebuild_env __P((char **, int));
extern void validate_env_vars __P((struct list_member *));
extern char **insert_env_vars __P((char **, struct list_member *));
extern struct passwd *sudo_getpwnam __P((const char *));
@@ -153,6 +153,7 @@
char *login_style;
#endif /* HAVE_BSD_AUTH_H */
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
+int sudo_mode;
int
@@ -164,7 +165,6 @@
int validated;
int fd;
int cmnd_status;
- int sudo_mode;
int pwflag;
sigaction_t sa;
extern int printmatches;
@@ -347,7 +347,7 @@
def_env_reset = FALSE;
/* Build a new environment that avoids any nasty bits. */
- environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC));
+ environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
/* Fill in passwd struct based on user we are authenticating as. */
auth_pw = get_authpw();
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/.cvsignore,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- .cvsignore 8 Aug 2006 11:57:00 -0000 1.14
+++ .cvsignore 20 Aug 2007 12:11:21 -0000 1.15
@@ -1,2 +1,2 @@
-sudo-1.6.8p12.tar.gz
+sudo-1.6.9p4.tar.gz
sudo-1.6.8p12-sudoers
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/sources,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- sources 26 Oct 2006 09:14:04 -0000 1.16
+++ sources 20 Aug 2007 12:11:21 -0000 1.17
@@ -1,2 +1,2 @@
-b29893c06192df6230dd5f340f3badf5 sudo-1.6.8p12.tar.gz
+5439d24b48db69d2b6b42e97b47fdfd6 sudo-1.6.9p4.tar.gz
3dad7cdd28925f9bdf387510961f8e9f sudo-1.6.8p12-sudoers
Index: sudo.spec
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- sudo.spec 12 Apr 2007 08:29:55 -0000 1.50
+++ sudo.spec 20 Aug 2007 12:11:21 -0000 1.51
@@ -1,7 +1,7 @@
Summary: Allows restricted root access for specified users
Name: sudo
-Version: 1.6.8p12
-Release: 14%{?dist}
+Version: 1.6.9p4
+Release: 1%{?dist}
License: BSD
Group: Applications/System
URL: http://www.courtesan.com/sudo/
@@ -16,19 +16,12 @@
BuildRequires: flex
BuildRequires: bison
-# 154511 - sudo does not use limits.conf
-Patch2: sudo-1.6.8p8-pam-sess.patch
# don't strip
-Patch3: sudo-1.6.7p5-strip.patch
-# Default sudoers: reset env.
-Patch4: sudo-1.6.8p12-env-reset.patch
-# Default sudoers; require tty (#190062)
-Patch5: sudo-1.6.8p12-requiretty.patch
-# Use specific PAM session for sudo -i (#198755)
-Patch6: sudo-1.6.8p12-pam-login.patch
-# IPv6 support
-Patch7: sudo-1.6.8p12-ipv6.patch
-Patch8: sudo-1.6.8p12-getgrouplist.patch
+Patch1: sudo-1.6.7p5-strip.patch
+# use specific PAM session for sudo -i (#198755)
+Patch2: sudo-1.6.9p4-login.patch
+# the rest, see changelog
+Patch3: sudo-1.6.9p4-getgrouplist.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -43,13 +36,9 @@
%prep
%setup -q
-%patch2 -p1 -b .sess
-%patch3 -p1 -b .strip
-%patch4 -p1 -b .env_reset
-%patch5 -p1 -b .tty
-%patch6 -p1 -b .login
-%patch7 -p1 -b .ipv6
-%patch8 -p1 -b .getgrouplist
+%patch1 -p1 -b .strip
+%patch2 -p1 -b .login
+%patch3 -p1 -b .getgrouplist
%build
%ifarch s390 s390x
@@ -75,6 +64,8 @@
--with-ignore-dot \
--with-tty-tickets \
--with-ldap
+# --without-kerb5 \
+# --without-kerb4
make
%install
@@ -110,7 +101,7 @@
%files
%defattr(-,root,root)
-%doc BUGS CHANGES HISTORY LICENSE README RUNSON TODO TROUBLESHOOTING UPGRADE *.pod
+%doc BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING UPGRADE *.pod
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
@@ -129,6 +120,9 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Mon Aug 20 2007 Peter Vrabec <pvrabec at redhat.com> 1.6.9p4-1
+- upgrade to upstream release
+
* Thu Apr 12 2007 Peter Vrabec <pvrabec at redhat.com> 1.6.8p12-14
- also use getgrouplist() to determine group membership (#235915)
--- sudo-1.6.8p12-env-reset.patch DELETED ---
--- sudo-1.6.8p12-getgrouplist.patch DELETED ---
--- sudo-1.6.8p12-ipv6.patch DELETED ---
--- sudo-1.6.8p12-pam-login.patch DELETED ---
--- sudo-1.6.8p12-requiretty.patch DELETED ---
--- sudo-1.6.8p8-pam-sess.patch DELETED ---
More information about the fedora-extras-commits
mailing list