source: projects/specs/trunk/s/sudo/sudo-vl.spec @ 4035

Revision 4035, 8.8 KB checked in by daisuke, 13 years ago (diff)

sudo: add "%wheel ALL=(ALL) ALL" to sudoers
Line 
1Summary: Allows command execution as root for specified users
2Summary(ja): スーパーユーザ権限でのコマンドの実行
3Name: sudo
4Version: 1.7.2p7
5Release: 4%{?_dist_release}
6License: ISC-style
7Group: Applications/System
8URL: http://www.sudo.ws/
9
10Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz
11Source1: sudo-sudoers-vine
12
13Patch1: sudo-1.6.7p5-strip.patch
14Patch2: sudo-1.7.2-login.patch
15Patch3: sudo-1.7.2p4-getgrouplist.patch
16Patch4: sudo-1.7.1-envdebug.patch
17Patch5: sudo-1.7.1-libtool.patch
18# reset HOME when using the -i' option (#635250)
19Patch6: sudo-1.7.4p4-sudoi.patch
20# security
21Patch100: sudo-1.7.2p7_CVE-2010-2956.patch
22Patch110: sudo-1.7.2p7_CVE-2011-0010.patch
23Patch111: sudo-1.7.2p7_user_in_group.patch
24
25Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
26BuildRequires: pam-devel
27BuildRequires: groff
28BuildRequires: flex
29BuildRequires: bison
30BuildRequires: openldap-devel
31BuildRequires: automake autoconf libtool
32BuildRequires: libcap-devel
33
34Vendor: Project Vine
35Distribution: Vine Linux
36
37%description
38Sudo (superuser do) allows a system administrator to give certain users
39(or groups of users) the ability to run some (or all) commands as root while
40logging all commands and arguments. Sudo operates on a per-command basis,
41it is not a replacement for the shell.
42
43%description -l ja
44sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で
45いくつかのコマンド操作を行うことを許可するためのプログラムです。
46
47%prep
48%setup -q
49%patch1 -p1 -b .strip
50%patch2 -p1 -b .login
51%patch3 -p1 -b .getgrouplist
52%patch4 -p1 -b .envdebug
53%patch5 -p1 -b .libtool
54
55%patch100 -p1 -b .CVE-2010-2956
56%patch110 -p1 -b .CVE-2011-0010
57%patch111 -p1 -b .user_in_group
58
59libtoolize --force && rm acsite.m4 && mv aclocal.m4 acinclude.m4 && autoreconf
60
61%build
62%configure \
63  --prefix=%{_prefix} \
64  --sbindir=%{_sbindir} \
65  --libdir=%{_libdir} \
66  --sysconfdir=%{_sysconfdir} \
67  --with-pam \
68  --with-pam-login \
69  --with-logging=syslog \
70  --with-logfac=authpriv \
71  --with-tty-tickets \
72  --with-ignore-dot \
73  --with-editor=/bin/vi \
74  --with-env-editor \
75  --with-ldap \
76  --with-passprompt="[sudo] password for %p: " \
77  --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \
78  --without-interfaces
79make %{?_smp_mflags}
80
81%install
82rm -rf $RPM_BUILD_ROOT
83mkdir $RPM_BUILD_ROOT
84make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
85chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
86install -p -d -m 700 $RPM_BUILD_ROOT/var/run/sudo
87install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
88
89mkdir -p $RPM_BUILD_ROOT/etc/pam.d
90cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
91#%PAM-1.0
92auth       include      system-auth
93account    include      system-auth
94password   include      system-auth
95session    optional     pam_keyinit.so revoke
96session    required     pam_limits.so
97EOF
98
99cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
100#%PAM-1.0
101auth       include      sudo
102account    include      sudo
103password   include      sudo
104session    optional     pam_keyinit.so force revoke
105session    required     pam_limits.so
106EOF
107
108
109%clean
110rm -rf $RPM_BUILD_ROOT
111
112%files
113%defattr(-,root,root)
114%doc HISTORY LICENSE README* TROUBLESHOOTING UPGRADE
115%doc ChangeLog
116%doc *.pod schema.* sudoers2ldif sample.*
117%attr(0440,root,root) %config(noreplace) /etc/sudoers
118%config(noreplace) /etc/pam.d/sudo
119%config(noreplace) /etc/pam.d/sudo-i
120%dir /var/run/sudo
121%attr(4111,root,root) %{_bindir}/sudo
122%attr(4111,root,root) %{_bindir}/sudoedit
123%attr(0755,root,root) %{_sbindir}/visudo
124%{_libexecdir}/sudo_noexec.*
125%{_mandir}/man5/sudoers*.5*
126%{_mandir}/man8/sudo.8*
127%{_mandir}/man8/sudoedit.8*
128%{_mandir}/man8/visudo.8*
129
130%post
131/bin/chmod 0440 /etc/sudoers || :
132
133%changelog
134* Fri Jun 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2p7-4
135- update sudoers
136  - enable "%wheel ALL=(ALL) ALL" by default.
137
138* Thu Feb 10 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-3
139- add patch110,111 for fix CVE-2011-0010 ("-g" option)
140
141* Wed Sep  8 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-2
142- add Patch100 for fix CVE-2010-2956 (sudo Runas)
143- add _smp_mflags flag into make section
144- fix doc filelist (no longer exist BUGS, CHANGSE)
145
146* Sun Jun 20 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-1
147- new upstream release with security fix (CVE-2010-1646)
148- change specfile name (-vl)
149
150* Sun Apr 25 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p6-1
151- new upstream release with security fix (CVE-2010-1163)
152- add sudoers.ldap.5 into files section
153
154* Wed Feb 24 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p4-1
155- new upstream release with security fix (CVE-2010-0426)
156- update Patch3
157
158* Wed Jul 15 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2-1
159- new upstream release
160
161* Wed Jun 17 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.1-1
162- new upstream release
163- update patches
164- disable "Defaults requiretty"
165
166* Fri Feb 13 2009 NAKAMURA Kenta <kenta@vinelinux.org> 1.6.9p20-2
167- rebuilt with openldap-2.4.11
168
169* Thu Feb 12 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.9p20-1
170- new upstream release with security fix (CVE 2009-0034)
171
172* Sat Aug 16 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.9p17-1
173- new upstream release
174- merge some changes from fedoraproject
175  - include [sudo] in password prompt
176  - compiled with secure path
177  - also use getgrouplist() to determine group membership
178  - add sudoers file
179    - add command aliases, default environment config
180- build with openldap
181
182* Fri Aug 15 2008 Shu KONNO <owa@bg.wakwak.com> 1.6.8p12-1vl5
183- applied new versioning policy, spec in utf-8
184
185* Fri May 19 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p12-0vl2
186- change PAM configuration to use system-auth
187- add --with-ignore-dot, --with-editor and --with-env-editor to
188  configure option.
189
190* Mon Jan 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.8p12-0vl1
191- new upstream release (included security fix)
192- add patch1 for fix CVE-2006-0151
193
194* Mon May 09 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p8-0vl1
195- new upstream release
196- use macros
197- build with pam
198
199* Wed Jan 19 2005 IWAI, Masaharu <iwai@alib.jp> 1.6.8p6-0vl1
200- new upstream release
201
202* Sun Oct 10 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8p1-0vl1
203- SECURITY FIX: new upstream release
204- update rpmnonroot.patch ( Patch0 )
205- add new man page: sudoedit(8)
206
207* Wed Sep  1 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8-0vl1
208- new upstream release
209- update rpmnonroot.patch ( Patch0 )
210- change Copyrigh tag to License tag
211- update License
212- update URL and Source0: official web site moved.
213- new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.*
214
215* Mon Apr 14 2003 IWAI Masaharu <iwai@alib.jp> 1.6.7p3-0vl1
216- upstream release
217
218* Wed May 08 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl3
219- fixed changelog
220        -- don't expand macros in changelog ;P
221               
222* Wed May 01 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl2
223- changed to use configure in build section
224        (can't build on sparc)
225
226* Fri Apr 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.6-0vl1
227- upstream release
228- fix security hole : buffer over flow
229
230* Thu Jan 24 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p2-0vl1
231- upstream release
232- updated sudo.rpmnonroot.diff
233
234* Fri Jan 18 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p1-0vl1
235- upstream release
236- added configure script option '--disable-root-mailer'
237
238* Tue Jan 15 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4p1-0vl1
239- upstream release
240- eliminated FAQ from %doc
241
242* Mon Jan 14 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4-0vl1
243- upstream release
244- added noreplace flag (%{_sysconfdir}/sudoers file is not replaced)
245- updated sudo.rpmnonroot.diff
246
247* Wed May 09 2001 <sagami@vinelinux.org>
248- 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1
249
250* Fri Mar 02 2001 sagami@vinelinux.org
251- 1.6.3p7-0vl1
252- use better macros
253
254* Tue Mar 1 2001 Kunio Murasawa <murasawa@marineroad.com>
255- 1.6.3p6-0vl1
256- changed sudo.rpmnonroot.diff for 1.6.3p6
257
258* Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
259- 1.6.1-2vl5
260- patch -p1 -> patch -p0
261
262* Mon Sep 18 2000 MATSUMOTO Shoji <shom@vinelinux.org>
263- 1.6.1-2vl4
264- fix uid/gid to root.root
265- add sudo.rpmnonroot.diff to built by non-root users
266
267* Tue Sep 12 2000 Jun Nishii <jun@vinelinux.org>
268- 1.6.1-2vl3
269- fix attr
270
271* Sun Sep 10 2000 Jun Nishii <jun@vinelinux.org>
272- 1.6.1-2vl2
273- enable to build by non-root useres
274
275* Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
276- 1.6.1-2vl1
277- modified %files section to handle compressed man page(s)
278
279* Fri Jan  7 2000 Jun Nishii <jun@vinelinux.org>
280- change group
281
282* Thu Dec 30 1999 Jun Nishii <jun@vinelinux.org>
283- version 1.6.1
284- build for Vine Linux 2.0
285
286* Fri May 14  1999 Takeda Eiji <keda@flatout.org>
287- sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers.
288
289* Wed Apr 21 1999 Hiroto Watanabe <watanabe@cij.co.jp>
290- Initial Release
291
Note: See TracBrowser for help on using the repository browser.