Summary: Allows command execution as root for specified users Summary(ja): スーパーユーザ権限でのコマンドの実行 Name: sudo Version: 1.7.2p7 Release: 5%{?_dist_release} License: ISC-style Group: Applications/System URL: http://www.sudo.ws/ Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz Source1: sudo-sudoers-vine Patch1: sudo-1.6.7p5-strip.patch Patch2: sudo-1.7.2-login.patch Patch3: sudo-1.7.2p4-getgrouplist.patch Patch4: sudo-1.7.1-envdebug.patch Patch5: sudo-1.7.1-libtool.patch # reset HOME when using the -i' option (#635250) Patch6: sudo-1.7.4p4-sudoi.patch # security Patch100: sudo-1.7.2p7_CVE-2010-2956.patch Patch110: sudo-1.7.2p7_CVE-2011-0010.patch Patch111: sudo-1.7.2p7_user_in_group.patch Patch120: sudo-1.7.2p7_CVE-2012-2337.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: pam-devel BuildRequires: groff BuildRequires: flex BuildRequires: bison BuildRequires: openldap-devel BuildRequires: automake autoconf libtool BuildRequires: libcap-devel Vendor: Project Vine Distribution: Vine Linux %description Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. %description -l ja sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で いくつかのコマンド操作を行うことを許可するためのプログラムです。 %prep %setup -q %patch1 -p1 -b .strip %patch2 -p1 -b .login %patch3 -p1 -b .getgrouplist %patch4 -p1 -b .envdebug %patch5 -p1 -b .libtool %patch100 -p1 -b .CVE-2010-2956 %patch110 -p1 -b .CVE-2011-0010 %patch111 -p1 -b .user_in_group %patch120 -p1 -b .CVE-2012-2337 libtoolize --force && rm acsite.m4 && mv aclocal.m4 acinclude.m4 && autoreconf %build %configure \ --prefix=%{_prefix} \ --sbindir=%{_sbindir} \ --libdir=%{_libdir} \ --sysconfdir=%{_sysconfdir} \ --with-pam \ --with-pam-login \ --with-logging=syslog \ --with-logfac=authpriv \ --with-tty-tickets \ --with-ignore-dot \ --with-editor=/bin/vi \ --with-env-editor \ --with-ldap \ --with-passprompt="[sudo] password for %p: " \ --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \ --without-interfaces make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT mkdir $RPM_BUILD_ROOT make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/run/sudo install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers mkdir -p $RPM_BUILD_ROOT/etc/pam.d cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session optional pam_keyinit.so revoke session required pam_limits.so EOF cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF #%PAM-1.0 auth include sudo account include sudo password include sudo session optional pam_keyinit.so force revoke session required pam_limits.so EOF %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc HISTORY LICENSE README* TROUBLESHOOTING UPGRADE %doc ChangeLog %doc *.pod schema.* sudoers2ldif sample.* %attr(0440,root,root) %config(noreplace) /etc/sudoers %config(noreplace) /etc/pam.d/sudo %config(noreplace) /etc/pam.d/sudo-i %dir /var/run/sudo %attr(4111,root,root) %{_bindir}/sudo %attr(4111,root,root) %{_bindir}/sudoedit %attr(0755,root,root) %{_sbindir}/visudo %{_libexecdir}/sudo_noexec.* %{_mandir}/man5/sudoers*.5* %{_mandir}/man8/sudo.8* %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/visudo.8* %post /bin/chmod 0440 /etc/sudoers || : %changelog * Sat May 19 2012 Satoshi IWAMOTO 1.7.2p7-5 - add patch120 for fix CVE-2012-2337 (netmask match) * Fri Jun 03 2011 Daisuke SUZUKI 1.7.2p7-4 - update sudoers - enable "%wheel ALL=(ALL) ALL" by default. * Thu Feb 10 2011 Satoshi IWAMOTO 1.7.2p7-3 - add patch110,111 for fix CVE-2011-0010 ("-g" option) * Wed Sep 8 2010 Satoshi IWAMOTO 1.7.2p7-2 - add Patch100 for fix CVE-2010-2956 (sudo Runas) - add _smp_mflags flag into make section - fix doc filelist (no longer exist BUGS, CHANGSE) * Sun Jun 20 2010 Satoshi IWAMOTO 1.7.2p7-1 - new upstream release with security fix (CVE-2010-1646) - change specfile name (-vl) * Sun Apr 25 2010 Satoshi IWAMOTO 1.7.2p6-1 - new upstream release with security fix (CVE-2010-1163) - add sudoers.ldap.5 into files section * Wed Feb 24 2010 Satoshi IWAMOTO 1.7.2p4-1 - new upstream release with security fix (CVE-2010-0426) - update Patch3 * Wed Jul 15 2009 Daisuke SUZUKI 1.7.2-1 - new upstream release * Wed Jun 17 2009 Daisuke SUZUKI 1.7.1-1 - new upstream release - update patches - disable "Defaults requiretty" * Fri Feb 13 2009 NAKAMURA Kenta 1.6.9p20-2 - rebuilt with openldap-2.4.11 * Thu Feb 12 2009 Satoshi IWAMOTO 1.6.9p20-1 - new upstream release with security fix (CVE 2009-0034) * Sat Aug 16 2008 Daisuke SUZUKI 1.6.9p17-1 - new upstream release - merge some changes from fedoraproject - include [sudo] in password prompt - compiled with secure path - also use getgrouplist() to determine group membership - add sudoers file - add command aliases, default environment config - build with openldap * Fri Aug 15 2008 Shu KONNO 1.6.8p12-1vl5 - applied new versioning policy, spec in utf-8 * Fri May 19 2006 Daisuke SUZUKI 1.6.8p12-0vl2 - change PAM configuration to use system-auth - add --with-ignore-dot, --with-editor and --with-env-editor to configure option. * Mon Jan 23 2006 Satoshi IWAMOTO 1.6.8p12-0vl1 - new upstream release (included security fix) - add patch1 for fix CVE-2006-0151 * Mon May 09 2005 Daisuke SUZUKI 1.6.8p8-0vl1 - new upstream release - use macros - build with pam * Wed Jan 19 2005 IWAI, Masaharu 1.6.8p6-0vl1 - new upstream release * Sun Oct 10 2004 IWAI, Masaharu 1.6.8p1-0vl1 - SECURITY FIX: new upstream release - update rpmnonroot.patch ( Patch0 ) - add new man page: sudoedit(8) * Wed Sep 1 2004 IWAI, Masaharu 1.6.8-0vl1 - new upstream release - update rpmnonroot.patch ( Patch0 ) - change Copyrigh tag to License tag - update License - update URL and Source0: official web site moved. - new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.* * Mon Apr 14 2003 IWAI Masaharu 1.6.7p3-0vl1 - upstream release * Wed May 08 2002 Satoshi MACHINO 1.6.6-0vl3 - fixed changelog -- don't expand macros in changelog ;P * Wed May 01 2002 Satoshi MACHINO 1.6.6-0vl2 - changed to use configure in build section (can't build on sparc) * Fri Apr 26 2002 Daisuke SUZUKI 1.6.6-0vl1 - upstream release - fix security hole : buffer over flow * Thu Jan 24 2002 IWAI Masaharu 1.6.5p2-0vl1 - upstream release - updated sudo.rpmnonroot.diff * Fri Jan 18 2002 IWAI Masaharu 1.6.5p1-0vl1 - upstream release - added configure script option '--disable-root-mailer' * Tue Jan 15 2002 IWAI Masaharu 1.6.4p1-0vl1 - upstream release - eliminated FAQ from %doc * Mon Jan 14 2002 IWAI Masaharu 1.6.4-0vl1 - upstream release - added noreplace flag (%{_sysconfdir}/sudoers file is not replaced) - updated sudo.rpmnonroot.diff * Wed May 09 2001 - 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1 * Fri Mar 02 2001 sagami@vinelinux.org - 1.6.3p7-0vl1 - use better macros * Tue Mar 1 2001 Kunio Murasawa - 1.6.3p6-0vl1 - changed sudo.rpmnonroot.diff for 1.6.3p6 * Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji - 1.6.1-2vl5 - patch -p1 -> patch -p0 * Mon Sep 18 2000 MATSUMOTO Shoji - 1.6.1-2vl4 - fix uid/gid to root.root - add sudo.rpmnonroot.diff to built by non-root users * Tue Sep 12 2000 Jun Nishii - 1.6.1-2vl3 - fix attr * Sun Sep 10 2000 Jun Nishii - 1.6.1-2vl2 - enable to build by non-root useres * Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji - 1.6.1-2vl1 - modified %files section to handle compressed man page(s) * Fri Jan 7 2000 Jun Nishii - change group * Thu Dec 30 1999 Jun Nishii - version 1.6.1 - build for Vine Linux 2.0 * Fri May 14 1999 Takeda Eiji - sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers. * Wed Apr 21 1999 Hiroto Watanabe - Initial Release