rpms/sudo/devel sudo-1.6.9p13-audit.patch, NONE, 1.1 .cvsignore, 1.16, 1.17 sources, 1.18, 1.19 sudo-1.6.8p12-sudoers, 1.3, 1.4 sudo.spec, 1.60, 1.61 sudo-1.6.9p12-selinux.patch, 1.1, NONE sudo-1.6.9p4-audit.patch, 1.4, NONE

Peter Vrabec (pvrabec) fedora-extras-commits at redhat.com
Thu Feb 21 15:11:28 UTC 2008


Author: pvrabec

Update of /cvs/extras/rpms/sudo/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2264

Modified Files:
	.cvsignore sources sudo-1.6.8p12-sudoers sudo.spec 
Added Files:
	sudo-1.6.9p13-audit.patch 
Removed Files:
	sudo-1.6.9p12-selinux.patch sudo-1.6.9p4-audit.patch 
Log Message:
upgrade


sudo-1.6.9p13-audit.patch:

--- NEW FILE sudo-1.6.9p13-audit.patch ---
diff -up sudo-1.6.9p13/set_perms.c.audit sudo-1.6.9p13/set_perms.c
--- sudo-1.6.9p13/set_perms.c.audit	2007-11-28 00:41:23.000000000 +0100
+++ sudo-1.6.9p13/set_perms.c	2008-02-21 14:03:02.000000000 +0100
@@ -53,6 +53,10 @@
 #ifdef HAVE_LOGIN_CAP_H
 # include <login_cap.h>
 #endif
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
+# include <sys/prctl.h>
+# include <sys/capability.h>
+#endif
 
 #include "sudo.h"
 
@@ -119,13 +123,46 @@ set_perms(perm)
 			      	break;
 
 	case PERM_FULL_RUNAS:
-				/* headed for exec(), assume euid == ROOT_UID */
-				runas_setup();
-				if (setresuid(def_stay_setuid ?
-				    user_uid : runas_pw->pw_uid,
-				    runas_pw->pw_uid, runas_pw->pw_uid))
-				    err(1, "unable to change to runas uid");
-				break;
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
+                                { /* BEGIN CAP BLOCK */
+                                 cap_t new_caps;
+                                 cap_value_t cap_list[] = { CAP_AUDIT_WRITE };
+
+                                 if (runas_pw->pw_uid != ROOT_UID) {
+                                     new_caps = cap_init ();
+                                     if (!new_caps)
+                                         err(1, "Error initing capabilities, aborting.\n");
+
+                                     if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) ||
+                                        cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) {
+                                          err(1, "Error setting capabilities, aborting\n");
+                                     }
+
+                                     if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0))
+                                         err(1, "Error setting KEEPCAPS, aborting\n");
+                                 }
+#endif
+                                /* headed for exec(), assume euid == ROOT_UID */
+                                 runas_setup ();
+                                 if (setresuid(def_stay_setuid ?
+                                     user_uid : runas_pw->pw_uid,
+                                     runas_pw->pw_uid, runas_pw->pw_uid))
+                                     err(1, "unable to change to runas uid");
+
+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP)
+                                 if (runas_pw->pw_uid != ROOT_UID) {
+                                     if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0)
+                                         err(1, "Error resetting KEEPCAPS, aborting\n");
+
+                                     if (cap_set_proc(new_caps))
+                                         err(1, "Error dropping capabilities, aborting\n");
+
+                                     if (cap_free (new_caps))
+                                         err(1, "Error freeing caps\n");
+                                 }
+                                } /* END CAP BLOCK */
+#endif
+                                break;
 
 	case PERM_SUDOERS:
 				/* assume euid == ROOT_UID, ruid == user */
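Review bot: The new err() calls in the PERM_FULL_RUNAS capability block end their messages with `\n` (for example `err(1, "Error setting KEEPCAPS, aborting\n")`), but err() already appends `: <strerror>` and a newline, so the errno text lands on a line of its own. Drop the trailing `\n`, as the existing `err(1, "unable to change to runas uid")` does. The block also has no comment saying why a capability survives the uid change; something like `/* keep only CAP_AUDIT_WRITE across setresuid() so a failed exec can still be audited */` would help. That intent is inferred from the audit_logger() call after execve() in sudo.c and should be confirmed. set_perms() starts and ends outside the hunk.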
diff -up sudo-1.6.9p13/sudo.c.audit sudo-1.6.9p13/sudo.c
--- sudo-1.6.9p13/sudo.c.audit	2008-02-21 14:03:02.000000000 +0100
+++ sudo-1.6.9p13/sudo.c	2008-02-21 14:03:02.000000000 +0100
@@ -100,6 +100,10 @@
 # include <selinux/selinux.h>
 #endif
 
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif
+
 #include "sudo.h"
 #include "interfaces.h"
 #include "version.h"
@@ -295,6 +299,10 @@ main(argc, argv, envp)
     if (safe_cmnd == NULL)
 	safe_cmnd = estrdup(user_cmnd);
 
+#if defined(WITH_AUDIT)
+    audit_help_open ();
+#endif
+
     /*
      * Look up the timestamp dir owner if one is specified.
      */
@@ -305,9 +313,13 @@ main(argc, argv, envp)
 	    pw = getpwuid(atoi(def_timestampowner + 1));
 	else
 	    pw = getpwnam(def_timestampowner);
-	if (!pw)
+	if (!pw) {
+#if defined(WITH_AUDIT)
+	    audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	    log_error(0, "timestamp owner (%s): No such user",
 		def_timestampowner);
+        }
 	timestamp_uid = pw->pw_uid;
     }
 
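Review bot: Each failure exit in main() now carries its own `#if defined(WITH_AUDIT)` / `audit_logger(AUDIT_USER_CMD, user_cmnd, 0);` / `#endif` triple, here in the timestamp-owner branch and again in the parse-error, root-not-allowed, requiretty, command-not-found and preserve-environment hunks that follow. A no-op fallback next to the prototypes in sudo.h, `#else` / `# define audit_logger(t, c, r) ((void)0)`, would let the call sites drop the guards and keep non-audit builds from breaking on an unguarded call. The added closing brace is also indented with spaces where the surrounding lines use tabs. main() starts and ends outside the hunk.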
@@ -317,15 +329,22 @@ main(argc, argv, envp)
 	exit(0);
     }
 
-    if (ISSET(validated, VALIDATE_ERROR))
+    if (ISSET(validated, VALIDATE_ERROR)) {
+#if defined(WITH_AUDIT)
+        audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	log_error(0, "parse error in %s near line %d", _PATH_SUDOERS,
 	    errorlineno);
+    }
 
     /* Is root even allowed to run sudo? */
     if (user_uid == 0 && !def_root_sudo) {
 	(void) fprintf(stderr,
 	    "Sorry, %s has been configured to not allow root to run it.\n",
 	    getprogname());
+#if defined(WITH_AUDIT)
+        audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	exit(1);
     }
 
@@ -339,8 +358,12 @@ main(argc, argv, envp)
 
     /* Bail if a tty is required and we don't have one.  */
     if (def_requiretty) {
-	if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
+	if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
+#if defined(WITH_AUDIT)
+	    audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	    log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
+        }
 	else
 	    (void) close(fd);
     }
@@ -373,17 +396,27 @@ main(argc, argv, envp)
 	/* Finally tell the user if the command did not exist. */
 	if (cmnd_status == NOT_FOUND_DOT) {
 	    warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
+#if defined(WITH_AUDIT)
+	    audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	    exit(1);
 	} else if (cmnd_status == NOT_FOUND) {
 	    warnx("%s: command not found", user_cmnd);
+#if defined(WITH_AUDIT)
+	    audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 	    exit(1);
 	}
 
 	/* If user specified env vars make sure sudoers allows it. */
 	if (ISSET(sudo_mode, MODE_RUN) && !ISSET(validated, FLAG_SETENV)) {
-	    if (ISSET(sudo_mode, MODE_PRESERVE_ENV))
+	    if (ISSET(sudo_mode, MODE_PRESERVE_ENV)) {
+#if defined(WITH_AUDIT)
+	        audit_logger(AUDIT_USER_CMD,  user_cmnd, 0);
+#endif
 		log_error(NO_MAIL,
 		    "sorry, you are not allowed to preserve the environment");
+            }
 	    else
 		validate_env_vars(sudo_user.env_vars);
 	}
@@ -442,6 +475,17 @@ main(argc, argv, envp)
 	(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
 	(void) sigaction(SIGCHLD, &saved_sa_chld, NULL);
 
+        if (access(safe_cmnd, X_OK) != 0) {
+                 warn ("unable to execute %s", safe_cmnd);
+#ifdef WITH_AUDIT
+                audit_logger(AUDIT_USER_CMD,  safe_cmnd, 0);
+#endif
+                exit(127);
+        }
+#ifdef WITH_AUDIT
+        audit_logger(AUDIT_USER_CMD,  safe_cmnd, 1);
+#endif
+
 #ifndef PROFILING
 	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
 	    exit(0);
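Review bot: The success record `audit_logger(AUDIT_USER_CMD, safe_cmnd, 1)` is written before execve() runs, and the `access(safe_cmnd, X_OK)` test in front of it does not guarantee that the exec will succeed. The file can change between the check and the exec, and access() evaluates the real uid, which the set_perms.c hunk leaves at user_uid when def_stay_setuid is set (assuming set_perms(PERM_FULL_RUNAS) has already run here, which is not visible). A failed execve() then emits a second record with result 0 for the same command, in the later hunk after execve(). Since no record can be written after a successful exec, document the meaning at the call site, e.g. `/* result=1: authorized and about to exec; a result=0 record follows if execve() fails */`, so log consumers do not read it as proof of execution. main() continues outside the hunk.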
@@ -465,6 +509,9 @@ main(argc, argv, envp)
 	    NewArgv[1] = safe_cmnd;
 	    execve(_PATH_BSHELL, NewArgv, environ);
 	}
+#ifdef WITH_AUDIT
+	audit_logger(AUDIT_USER_CMD,  safe_cmnd, 0);
+#endif
 	warn("unable to execute %s", safe_cmnd);
 	exit(127);
     } else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) {
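Review bot: audit_logger() is called between the failed execve() and `warn("unable to execute %s", safe_cmnd)`, and it makes library calls (plus perror() on failure) that can overwrite errno, so warn() may report the wrong reason. Call warn() first, as the access() failure path added earlier in this patch does: `warn("unable to execute %s", safe_cmnd);` followed by the guarded `audit_logger(AUDIT_USER_CMD, safe_cmnd, 0);`. The enclosing branch of main() starts outside the hunk.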
diff -up sudo-1.6.9p13/configure.in.audit sudo-1.6.9p13/configure.in
--- sudo-1.6.9p13/configure.in.audit	2008-02-21 14:03:02.000000000 +0100
+++ sudo-1.6.9p13/configure.in	2008-02-21 14:03:02.000000000 +0100
@@ -166,6 +166,10 @@ dnl
 dnl Options for --with
 dnl
 
+AC_ARG_WITH(audit,
+        [AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
+        [with_audit=$withval], [with_audit=yes])
+
 AC_ARG_WITH(CC, [  --with-CC               C compiler to use],
 [case $with_CC in
     yes)	AC_MSG_ERROR(["must give --with-CC an argument."])
@@ -1614,6 +1618,25 @@ dnl
 : ${mansectsu='8'}
 : ${mansectform='5'}
 
+
+AC_SUBST(LIBAUDIT)
+if test "$with_audit" = "yes"; then
+	# See if we have the audit library
+        AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
+        if test "$audit_header" = "yes"; then
+                AC_CHECK_LIB(audit, audit_log_user_command,
+                        [AC_DEFINE(WITH_AUDIT, 1, [Define if you want to enable Audit messages])
+                        LIBAUDIT="-laudit"])
+        fi
+	# See if we have the libcap library
+	AC_CHECK_HEADERS(sys/capability.h sys/prctl.h, [cap_header="yes"], [cap_header="no"])
+	if test "$cap_header" = "yes"; then
+		AC_CHECK_LIB(cap, cap_init,
+			[AC_DEFINE(HAVE_LIBCAP, 1, [SELinux libcap support])
+			SUDO_LIBS="${SUDO_LIBS} -lcap"])
+	fi
+fi
+
 dnl
 dnl Add in any libpaths or libraries specified via configure
 dnl
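Review bot: `AC_CHECK_HEADERS(sys/capability.h sys/prctl.h, [cap_header="yes"], [cap_header="no"])` runs its actions once per header, so cap_header ends up reflecting only the last header checked, sys/prctl.h. If sys/capability.h is missing while the libcap library itself is installed, HAVE_LIBCAP is still defined and set_perms.c will fail on `#include <sys/capability.h>`. Check the two headers separately, or start from `cap_header="yes"` and only clear it in the not-found action. The HAVE_LIBCAP description `[SELinux libcap support]` is also misleading, since the macro gates the audit capability code. With the default `with_audit=yes`, a missing libaudit silently produces a build without auditing; an AC_MSG_WARN there would make that visible.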
diff -up /dev/null sudo-1.6.9p13/audit_help.c
--- /dev/null	2008-02-05 17:16:01.642928004 +0100
+++ sudo-1.6.9p13/audit_help.c	2008-02-21 14:20:56.000000000 +0100
@@ -0,0 +1,124 @@
+/*
+ *  Audit helper functions used throughout sudo
+ *
+ *  Copyright (C) 2007, Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#ifdef WITH_AUDIT
+
+#include <stdlib.h>
+#include <syslog.h>
+#include <stdarg.h>
+#include <libaudit.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+int audit_fd;
+
+void audit_help_open (void)
+{
+	audit_fd = audit_open ();
+	if (audit_fd < 0) {
+        	/* You get these only when the kernel doesn't have
+                 * audit compiled in. */
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+		    errno == EAFNOSUPPORT)
+			return;
+		fprintf (stderr, "Cannot open audit interface - aborting.\n");
+		exit (1);
+	}
+}
+
+/*
+ * This function will log a message to the audit system using a predefined
+ * message format. Parameter usage is as follows:
+ *
+ * type - type of message: AUDIT_USER_CMD
+ * command - the command being logged
+ * result - 1 is "success" and 0 is "failed"
+ *
+ */
+void audit_logger (int type, const char *command, int result)
+{
+	int err;
+
+	if (audit_fd < 0)
+		return;
+	else {
+               err = audit_log_user_command (audit_fd, type, command, NULL, result);
+               /* The kernel supports auditing and we had
+                  enough privilege to write to the socket. */
+               if( err <= 0 && !(errno == EPERM && getuid() != 0) ) {
+                       perror("audit_log_user_command()");
+               }
+	}
+}
+
+#ifdef HAVE_SELINUX
+int send_audit_message(int success, security_context_t old_context,
+                       security_context_t new_context, const char *ttyn)
+{
+        char *msg = NULL;
+        int rc;
+
+        if (audit_fd < 0)
+                return -1;
+
+        if (asprintf(&msg, "newrole: old-context=%s new-context=%s",
+                     old_context ? old_context : "?",
+                     new_context ? new_context : "?") < 0) {
+                fprintf(stderr, "Error allocating memory.\n");
+                rc = -1;
+                goto out;
+        }
+
+        rc = audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+                                    msg, NULL, NULL, ttyn, success);
+        if (rc <= 0) {
+                fprintf(stderr, "Error sending audit message.\n");
+                rc = -1;
+                goto out;
+        }
+        rc = 0;
+
+        out:
+         free(msg);
+         return rc;
+}
+#endif
+
+#endif                         /* WITH_AUDIT */
+
+
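Review bot: `int audit_fd;` is zero-initialised, and audit_logger() and send_audit_message() treat any value >= 0 as an open audit socket, so a call made before audit_help_open() would act on descriptor 0; define it as `int audit_fd = -1;`. In send_audit_message(), glibc documents the pointer as undefined after a failed asprintf(), so the `free(msg)` at `out:` may free an invalid pointer; set `msg = NULL;` in the failure branch before `goto out`. audit_logger() also tests errno after `err <= 0` without clearing it before the call, so a stale EPERM could suppress the diagnostic for a non-root caller. Whether libaudit sets errno on every failure path should be confirmed.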
diff -up sudo-1.6.9p13/Makefile.in.audit sudo-1.6.9p13/Makefile.in
--- sudo-1.6.9p13/Makefile.in.audit	2008-02-19 19:13:10.000000000 +0100
+++ sudo-1.6.9p13/Makefile.in	2008-02-21 14:03:02.000000000 +0100
@@ -120,11 +120,13 @@ HDRS = compat.h def_data.h defaults.h in
 
 AUTH_OBJS = sudo_auth.o @AUTH_OBJS@
 
+AUDIT_OBJS = audit_help.o 
+
 PARSEOBJS = sudo.tab.o lex.yy.o alloc.o defaults.o
 
 SUDOBJS = check.o env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \
 	  interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o \
-	  tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS)
+	  tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) $(AUDIT_OBJS)
 
 VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
 
@@ -276,6 +278,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH
 sia.o: $(authdir)/sia.c $(AUTHDEP)
 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c
 
+audit_help.o: audit_help.c sudo.h
+	$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(LIBADUIT) $(srcdir)/audit_help.c
+
 sudo.man.in: $(srcdir)/sudo.pod
 	@rm -f $(srcdir)/$@
 	( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" | perl -p sudo.man.pl >> $@ )
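Review bot: The audit_help.o rule references `$(LIBADUIT)`, a misspelling of LIBAUDIT, so it expands to nothing. A `-laudit` flag has no effect on a `-c` compile in any case, so it can simply be removed from this rule. configure.in substitutes LIBAUDIT, but no `LIBAUDIT = @LIBAUDIT@` assignment or use on the sudo link line is visible in these hunks, so confirm that the final link actually receives `-laudit`.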
diff -up sudo-1.6.9p13/sudo.h.audit sudo-1.6.9p13/sudo.h
--- sudo-1.6.9p13/sudo.h.audit	2008-02-21 14:03:02.000000000 +0100
+++ sudo-1.6.9p13/sudo.h	2008-02-21 14:03:02.000000000 +0100
@@ -23,6 +23,8 @@
 #ifndef _SUDO_SUDO_H
 #define _SUDO_SUDO_H
 
+#include <config.h>
+
 #include <pathnames.h>
 #include <limits.h>
 #include "compat.h"
@@ -287,4 +289,10 @@ extern int sudo_mode;
 extern int errno;
 #endif
 
+#ifdef WITH_AUDIT
+extern int audit_fd;
+extern void audit_help_open (void);
+extern void audit_logger (int, const char *, int);
+#endif
+
 #endif /* _SUDO_SUDO_H */


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/.cvsignore,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- .cvsignore	6 Feb 2008 12:43:43 -0000	1.16
+++ .cvsignore	21 Feb 2008 15:10:42 -0000	1.17
@@ -1,2 +1,2 @@
 sudo-1.6.8p12-sudoers
-sudo-1.6.9p12.tar.gz
+sudo-1.6.9p13.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/sources,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- sources	6 Feb 2008 12:43:43 -0000	1.18
+++ sources	21 Feb 2008 15:10:42 -0000	1.19
@@ -1,2 +1,2 @@
-3dad7cdd28925f9bdf387510961f8e9f  sudo-1.6.8p12-sudoers
-a5795c292e5c64dd9f7bcba8c1c712c9  sudo-1.6.9p12.tar.gz
+573c851f2a204f1cdbbdb657015fc6ef  sudo-1.6.8p12-sudoers
+7e9d3e7780c632469ffe88fcc4a6b1ca  sudo-1.6.9p13.tar.gz


Index: sudo-1.6.8p12-sudoers
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/sudo-1.6.8p12-sudoers,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- sudo-1.6.8p12-sudoers	26 Oct 2006 09:14:04 -0000	1.3
+++ sudo-1.6.8p12-sudoers	21 Feb 2008 15:10:42 -0000	1.4
@@ -56,12 +56,11 @@
 Defaults    requiretty
 
 Defaults    env_reset
-Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
-                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
-                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
-                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
-                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
-                        _XKB_CHARSET XAUTHORITY"
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
 
 ## Next comes the main part: which users can run what software on 
 ## which machines (the sudoers file can be shared between multiple


Index: sudo.spec
===================================================================
RCS file: /cvs/extras/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- sudo.spec	6 Feb 2008 13:39:49 -0000	1.60
+++ sudo.spec	21 Feb 2008 15:10:42 -0000	1.61
@@ -1,6 +1,6 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.6.9p12
+Version: 1.6.9p13
 Release: 1%{?dist}
 License: BSD
 Group: Applications/System
@@ -26,8 +26,7 @@
 # the rest, see changelog
 Patch3: sudo-1.6.9p4-getgrouplist.patch
 Patch4: sudo-1.6.9p12-noPam.patch
-Patch5: sudo-1.6.9p4-audit.patch
-Patch6: sudo-1.6.9p12-selinux.patch
+Patch5: sudo-1.6.9p13-audit.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -47,7 +46,6 @@
 %patch3 -p1 -b .getgrouplist
 %patch4 -p1 -b .noPam
 %patch5 -p1 -b .audit
-%patch6 -p1 -b .selinux
 
 autoreconf
 
@@ -72,7 +70,8 @@
         --with-env-editor \
         --with-ignore-dot \
         --with-tty-tickets \
-        --with-ldap
+        --with-ldap \
+	--with-selinux
 #	--without-kerb5 \
 #	--without-kerb4
 make
@@ -118,7 +117,7 @@
 %attr(4111,root,root) %{_bindir}/sudo
 %attr(4111,root,root) %{_bindir}/sudoedit
 %attr(0755,root,root) %{_sbindir}/visudo
-%attr(0755,root,root) %{_sbindir}/sesh
+%attr(0755,root,root) %{_libexecdir}/sesh
 %{_libexecdir}/sudo_noexec.*
 %{_mandir}/man5/sudoers.5*
 %{_mandir}/man8/sudo.8*
@@ -130,6 +129,9 @@
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Thu Feb 21 2008 Peter Vrabec <pvrabec at redhat.com> 1.6.9p13-1
+- upgrade to the latest upstream release
+
 * Wed Feb 06 2008 Peter Vrabec <pvrabec at redhat.com> 1.6.9p12-1
 - upgrade to the latest upstream release
 - add selinux support


--- sudo-1.6.9p12-selinux.patch DELETED ---


--- sudo-1.6.9p4-audit.patch DELETED ---



