source: projects/specs/branches/6/s/sudo/sudo-vl.spec @ 7523

Summary: Allows command execution as root for specified users
Summary(ja): スーパーユーザ権限でのコマンドの実行
Name: sudo
Version: 1.7.10p7
Release: 2%{?_dist_release}
License: ISC-style
Group: Applications/System
URL: http://www.sudo.ws/

Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz
Source1: sudo-sudoers-vine

Patch1: sudo-1.6.7p5-strip.patch
Patch4: sudo-1.7.1-envdebug.patch
Patch5: sudo-1.7.10-libtool.patch
Patch7: sudo-1.7.10p7-m4path.patch

# security
# nothing...

Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: pam-devel
BuildRequires: groff
BuildRequires: flex
BuildRequires: bison
BuildRequires: openldap-devel
BuildRequires: automake autoconf libtool
BuildRequires: libcap-devel

Vendor: Project Vine
Distribution: Vine Linux

%description
Sudo (superuser do) allows a system administrator to give certain users 
(or groups of users) the ability to run some (or all) commands as root while 
logging all commands and arguments. Sudo operates on a per-command basis, 
it is not a replacement for the shell. 

%description -l ja
sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で
いくつかのコマンド操作を行うことを許可するためのプログラムです。

%prep
%setup -q
%patch1 -p1 -b .strip
%patch4 -p1 -b .envdebug
%patch5 -p1 -b .libtool

%patch7 -p1 -b .m4path

# security fixes
# nothing...

libtoolize --force
# handle newer autoconf
rm -f acsite.m4
mv aclocal.m4 acinclude.m4
autoreconf -I m4 -fv --install

%build
%configure \
  --prefix=%{_prefix} \
  --sbindir=%{_sbindir} \
  --libdir=%{_libdir} \
  --sysconfdir=%{_sysconfdir} \
  --with-iologdir=/var/log/sudo-io \
  --with-pam \
  --with-pam-login \
  --with-logging=syslog \
  --with-logfac=authpriv \
  --with-tty-tickets \
  --with-ignore-dot \
  --with-editor=/bin/vi \
  --with-env-editor \
  --with-ldap \
  --with-passprompt="[sudo] password for %p: " \
  --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \
  --without-interfaces
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
mkdir $RPM_BUILD_ROOT
make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* 
install -p -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
install -p -d -m 700 $RPM_BUILD_ROOT/var/log/sudo-io
install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers

mkdir -p $RPM_BUILD_ROOT/etc/pam.d
cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
EOF

cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
#%PAM-1.0
auth       include      sudo
account    include      sudo
password   include      sudo
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
EOF


%clean 
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc HISTORY LICENSE README* TROUBLESHOOTING UPGRADE
%doc ChangeLog
%doc *.pod schema.* sudoers2ldif sample.*
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%dir /var/run/sudo
%attr(0750,root,root) %dir /var/log/sudo-io
%attr(4111,root,root) %{_bindir}/sudo
%attr(4111,root,root) %{_bindir}/sudoedit
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%{_libexecdir}/sudo_noexec.*
%{_mandir}/man5/sudoers*.5*
%{_mandir}/man8/sudo.8*
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/visudo.8*
%{_mandir}/man8/sudoreplay.8*

%post
/bin/chmod 0440 /etc/sudoers || :

%changelog
* Mon Mar  4 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.10p7-2vl6
- fix attribution of sudoreplay
- add /var/log/sudo-io

* Mon Mar  4 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.10p7-1vl6
- new upstream release with security fixes
- drop old patches

* Mon Mar  4 2013 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-6
- add patch130 for fix CVE-2013-1775 (sudo -K)

* Sat May 19 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-5
- add patch120 for fix CVE-2012-2337 (netmask match)

* Fri Jun 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2p7-4
- update sudoers
  - enable "%wheel ALL=(ALL) ALL" by default.

* Thu Feb 10 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-3
- add patch110,111 for fix CVE-2011-0010 ("-g" option)

* Wed Sep  8 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-2
- add Patch100 for fix CVE-2010-2956 (sudo Runas)
- add _smp_mflags flag into make section
- fix doc filelist (no longer exist BUGS, CHANGSE)

* Sun Jun 20 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-1
- new upstream release with security fix (CVE-2010-1646) 
- change specfile name (-vl)

* Sun Apr 25 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p6-1
- new upstream release with security fix (CVE-2010-1163)
- add sudoers.ldap.5 into files section

* Wed Feb 24 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p4-1
- new upstream release with security fix (CVE-2010-0426)
- update Patch3

* Wed Jul 15 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2-1
- new upstream release

* Wed Jun 17 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.1-1
- new upstream release
- update patches
- disable "Defaults requiretty"

* Fri Feb 13 2009 NAKAMURA Kenta <kenta@vinelinux.org> 1.6.9p20-2
- rebuilt with openldap-2.4.11

* Thu Feb 12 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.9p20-1
- new upstream release with security fix (CVE 2009-0034)

* Sat Aug 16 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.9p17-1
- new upstream release
- merge some changes from fedoraproject
  - include [sudo] in password prompt
  - compiled with secure path
  - also use getgrouplist() to determine group membership
  - add sudoers file
    - add command aliases, default environment config
- build with openldap

* Fri Aug 15 2008 Shu KONNO <owa@bg.wakwak.com> 1.6.8p12-1vl5
- applied new versioning policy, spec in utf-8

* Fri May 19 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p12-0vl2
- change PAM configuration to use system-auth
- add --with-ignore-dot, --with-editor and --with-env-editor to
  configure option.

* Mon Jan 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.8p12-0vl1
- new upstream release (included security fix)
- add patch1 for fix CVE-2006-0151

* Mon May 09 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p8-0vl1
- new upstream release
- use macros
- build with pam

* Wed Jan 19 2005 IWAI, Masaharu <iwai@alib.jp> 1.6.8p6-0vl1
- new upstream release

* Sun Oct 10 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8p1-0vl1
- SECURITY FIX: new upstream release
- update rpmnonroot.patch ( Patch0 )
- add new man page: sudoedit(8)

* Wed Sep  1 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8-0vl1
- new upstream release
- update rpmnonroot.patch ( Patch0 )
- change Copyrigh tag to License tag
- update License
- update URL and Source0: official web site moved.
- new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.*

* Mon Apr 14 2003 IWAI Masaharu <iwai@alib.jp> 1.6.7p3-0vl1
- upstream release

* Wed May 08 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl3
- fixed changelog
        -- don't expand macros in changelog ;P
                
* Wed May 01 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl2
- changed to use configure in build section
        (can't build on sparc)

* Fri Apr 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.6-0vl1
- upstream release
- fix security hole : buffer over flow

* Thu Jan 24 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p2-0vl1
- upstream release
- updated sudo.rpmnonroot.diff

* Fri Jan 18 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p1-0vl1
- upstream release
- added configure script option '--disable-root-mailer'

* Tue Jan 15 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4p1-0vl1
- upstream release
- eliminated FAQ from %doc

* Mon Jan 14 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4-0vl1
- upstream release
- added noreplace flag (%{_sysconfdir}/sudoers file is not replaced)
- updated sudo.rpmnonroot.diff

* Wed May 09 2001 <sagami@vinelinux.org>
- 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1

* Fri Mar 02 2001 sagami@vinelinux.org
- 1.6.3p7-0vl1
- use better macros

* Tue Mar 1 2001 Kunio Murasawa <murasawa@marineroad.com>
- 1.6.3p6-0vl1
- changed sudo.rpmnonroot.diff for 1.6.3p6

* Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
- 1.6.1-2vl5
- patch -p1 -> patch -p0

* Mon Sep 18 2000 MATSUMOTO Shoji <shom@vinelinux.org>
- 1.6.1-2vl4
- fix uid/gid to root.root
- add sudo.rpmnonroot.diff to built by non-root users

* Tue Sep 12 2000 Jun Nishii <jun@vinelinux.org>
- 1.6.1-2vl3
- fix attr

* Sun Sep 10 2000 Jun Nishii <jun@vinelinux.org>
- 1.6.1-2vl2
- enable to build by non-root useres

* Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
- 1.6.1-2vl1
- modified %files section to handle compressed man page(s)

* Fri Jan  7 2000 Jun Nishii <jun@vinelinux.org>
- change group

* Thu Dec 30 1999 Jun Nishii <jun@vinelinux.org>
- version 1.6.1
- build for Vine Linux 2.0

* Fri May 14  1999 Takeda Eiji <keda@flatout.org>
- sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers.

* Wed Apr 21 1999 Hiroto Watanabe <watanabe@cij.co.jp>
- Initial Release