source: projects/specs/trunk/s/sudo/sudo-vl.spec @ 3394

Revision 3394, 8.6 KB checked in by iwaim, 13 years ago (diff)

sudo 1.7.2p7-3 (Vine5 updates)
Line 
1Summary: Allows command execution as root for specified users
2Summary(ja): スーパーユーザ権限でのコマンドの実行
3Name: sudo
4Version: 1.7.2p7
5Release: 3%{?_dist_release}
6License: ISC-style
7Group: Applications/System
8URL: http://www.sudo.ws/
9
10Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz
11Source1: sudo-sudoers-vine
12
13Patch1: sudo-1.6.7p5-strip.patch
14Patch2: sudo-1.7.2-login.patch
15Patch3: sudo-1.7.2p4-getgrouplist.patch
16Patch4: sudo-1.7.1-envdebug.patch
17Patch5: sudo-1.7.1-libtool.patch
18# security
19Patch100: sudo-1.7.2p7_CVE-2010-2956.patch
20Patch110: sudo-1.7.2p7_CVE-2011-0010.patch
21Patch111: sudo-1.7.2p7_user_in_group.patch
22
23Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
24BuildRequires: pam-devel
25BuildRequires: groff
26BuildRequires: flex
27BuildRequires: bison
28BuildRequires: openldap-devel
29BuildRequires: automake autoconf libtool
30BuildRequires: libcap-devel
31
32Vendor: Project Vine
33Distribution: Vine Linux
34
35%description
36Sudo (superuser do) allows a system administrator to give certain users
37(or groups of users) the ability to run some (or all) commands as root while
38logging all commands and arguments. Sudo operates on a per-command basis,
39it is not a replacement for the shell.
40
41%description -l ja
42sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で
43いくつかのコマンド操作を行うことを許可するためのプログラムです。
44
45%prep
46%setup -q
47%patch1 -p1 -b .strip
48%patch2 -p1 -b .login
49%patch3 -p1 -b .getgrouplist
50%patch4 -p1 -b .envdebug
51%patch5 -p1 -b .libtool
52
53%patch100 -p1 -b .CVE-2010-2956
54%patch110 -p1 -b .CVE-2011-0010
55%patch111 -p1 -b .user_in_group
56
57libtoolize --force && rm acsite.m4 && mv aclocal.m4 acinclude.m4 && autoreconf
58
59%build
60%configure \
61  --prefix=%{_prefix} \
62  --sbindir=%{_sbindir} \
63  --libdir=%{_libdir} \
64  --sysconfdir=%{_sysconfdir} \
65  --with-pam \
66  --with-pam-login \
67  --with-logging=syslog \
68  --with-logfac=authpriv \
69  --with-tty-tickets \
70  --with-ignore-dot \
71  --with-editor=/bin/vi \
72  --with-env-editor \
73  --with-ldap \
74  --with-passprompt="[sudo] password for %p: " \
75  --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \
76  --without-interfaces
77make %{?_smp_mflags}
78
79%install
80rm -rf $RPM_BUILD_ROOT
81mkdir $RPM_BUILD_ROOT
82make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
83chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
84install -p -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
85install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
86
87mkdir -p $RPM_BUILD_ROOT/etc/pam.d
88cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
89#%PAM-1.0
90auth       include      system-auth
91account    include      system-auth
92password   include      system-auth
93session    optional     pam_keyinit.so revoke
94session    required     pam_limits.so
95EOF
96
97cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
98#%PAM-1.0
99auth       include      sudo
100account    include      sudo
101password   include      sudo
102session    optional     pam_keyinit.so force revoke
103session    required     pam_limits.so
104EOF
105
106
107%clean
108rm -rf $RPM_BUILD_ROOT
109
110%files
111%defattr(-,root,root)
112%doc HISTORY LICENSE README* TROUBLESHOOTING UPGRADE
113%doc ChangeLog
114%doc *.pod schema.* sudoers2ldif sample.*
115%attr(0440,root,root) %config(noreplace) /etc/sudoers
116%config(noreplace) /etc/pam.d/sudo
117%config(noreplace) /etc/pam.d/sudo-i
118%dir /var/run/sudo
119%attr(4111,root,root) %{_bindir}/sudo
120%attr(4111,root,root) %{_bindir}/sudoedit
121%attr(0755,root,root) %{_sbindir}/visudo
122%{_libexecdir}/sudo_noexec.*
123%{_mandir}/man5/sudoers*.5*
124%{_mandir}/man8/sudo.8*
125%{_mandir}/man8/sudoedit.8*
126%{_mandir}/man8/visudo.8*
127
128%post
129/bin/chmod 0440 /etc/sudoers || :
130
131%changelog
132* Thu Feb 10 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-3
133- add patch110,111 for fix CVE-2011-0010 ("-g" option)
134
135* Wed Sep  8 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-2
136- add Patch100 for fix CVE-2010-2956 (sudo Runas)
137- add _smp_mflags flag into make section
138- fix doc filelist (no longer exist BUGS, CHANGSE)
139
140* Sun Jun 20 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-1
141- new upstream release with security fix (CVE-2010-1646)
142- change specfile name (-vl)
143
144* Sun Apr 25 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p6-1
145- new upstream release with security fix (CVE-2010-1163)
146- add sudoers.ldap.5 into files section
147
148* Wed Feb 24 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p4-1
149- new upstream release with security fix (CVE-2010-0426)
150- update Patch3
151
152* Wed Jul 15 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2-1
153- new upstream release
154
155* Wed Jun 17 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.1-1
156- new upstream release
157- update patches
158- disable "Defaults requiretty"
159
160* Fri Feb 13 2009 NAKAMURA Kenta <kenta@vinelinux.org> 1.6.9p20-2
161- rebuilt with openldap-2.4.11
162
163* Thu Feb 12 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.9p20-1
164- new upstream release with security fix (CVE 2009-0034)
165
166* Sat Aug 16 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.9p17-1
167- new upstream release
168- merge some changes from fedoraproject
169  - include [sudo] in password prompt
170  - compiled with secure path
171  - also use getgrouplist() to determine group membership
172  - add sudoers file
173    - add command aliases, default environment config
174- build with openldap
175
176* Fri Aug 15 2008 Shu KONNO <owa@bg.wakwak.com> 1.6.8p12-1vl5
177- applied new versioning policy, spec in utf-8
178
179* Fri May 19 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p12-0vl2
180- change PAM configuration to use system-auth
181- add --with-ignore-dot, --with-editor and --with-env-editor to
182  configure option.
183
184* Mon Jan 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.8p12-0vl1
185- new upstream release (included security fix)
186- add patch1 for fix CVE-2006-0151
187
188* Mon May 09 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p8-0vl1
189- new upstream release
190- use macros
191- build with pam
192
193* Wed Jan 19 2005 IWAI, Masaharu <iwai@alib.jp> 1.6.8p6-0vl1
194- new upstream release
195
196* Sun Oct 10 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8p1-0vl1
197- SECURITY FIX: new upstream release
198- update rpmnonroot.patch ( Patch0 )
199- add new man page: sudoedit(8)
200
201* Wed Sep  1 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8-0vl1
202- new upstream release
203- update rpmnonroot.patch ( Patch0 )
204- change Copyrigh tag to License tag
205- update License
206- update URL and Source0: official web site moved.
207- new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.*
208
209* Mon Apr 14 2003 IWAI Masaharu <iwai@alib.jp> 1.6.7p3-0vl1
210- upstream release
211
212* Wed May 08 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl3
213- fixed changelog
214        -- don't expand macros in changelog ;P
215               
216* Wed May 01 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl2
217- changed to use configure in build section
218        (can't build on sparc)
219
220* Fri Apr 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.6-0vl1
221- upstream release
222- fix security hole : buffer over flow
223
224* Thu Jan 24 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p2-0vl1
225- upstream release
226- updated sudo.rpmnonroot.diff
227
228* Fri Jan 18 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p1-0vl1
229- upstream release
230- added configure script option '--disable-root-mailer'
231
232* Tue Jan 15 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4p1-0vl1
233- upstream release
234- eliminated FAQ from %doc
235
236* Mon Jan 14 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4-0vl1
237- upstream release
238- added noreplace flag (%{_sysconfdir}/sudoers file is not replaced)
239- updated sudo.rpmnonroot.diff
240
241* Wed May 09 2001 <sagami@vinelinux.org>
242- 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1
243
244* Fri Mar 02 2001 sagami@vinelinux.org
245- 1.6.3p7-0vl1
246- use better macros
247
248* Tue Mar 1 2001 Kunio Murasawa <murasawa@marineroad.com>
249- 1.6.3p6-0vl1
250- changed sudo.rpmnonroot.diff for 1.6.3p6
251
252* Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
253- 1.6.1-2vl5
254- patch -p1 -> patch -p0
255
256* Mon Sep 18 2000 MATSUMOTO Shoji <shom@vinelinux.org>
257- 1.6.1-2vl4
258- fix uid/gid to root.root
259- add sudo.rpmnonroot.diff to built by non-root users
260
261* Tue Sep 12 2000 Jun Nishii <jun@vinelinux.org>
262- 1.6.1-2vl3
263- fix attr
264
265* Sun Sep 10 2000 Jun Nishii <jun@vinelinux.org>
266- 1.6.1-2vl2
267- enable to build by non-root useres
268
269* Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
270- 1.6.1-2vl1
271- modified %files section to handle compressed man page(s)
272
273* Fri Jan  7 2000 Jun Nishii <jun@vinelinux.org>
274- change group
275
276* Thu Dec 30 1999 Jun Nishii <jun@vinelinux.org>
277- version 1.6.1
278- build for Vine Linux 2.0
279
280* Fri May 14  1999 Takeda Eiji <keda@flatout.org>
281- sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers.
282
283* Wed Apr 21 1999 Hiroto Watanabe <watanabe@cij.co.jp>
284- Initial Release
285
Note: See TracBrowser for help on using the repository browser.