Rebase to 1.9.17p2

- sudo-1.9.17p2 is available Resolves: rhbz#2383665
Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
2025-10-21 10:16:55 +02:00 · 2025-07-25 18:50:05 +00:00 · 2025-07-17 18:36:52 +00:00 · 2025-07-07 13:15:19 +02:00 · 2025-07-05 12:22:08 +02:00 · 2025-07-05 12:13:06 +02:00
3 changed files with 20 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -34,3 +34,5 @@
 /sudo-1.9.14p3.tar.gz
 /sudo-1.9.15p4.tar.gz
 /sudo-1.9.15p5.tar.gz
+/sudo-1.9.17p1.tar.gz
+/sudo-1.9.17p2.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a
+SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93
--- a/sudo.spec
+++ b/sudo.spec
@ -1,9 +1,9 @@
 # comment out if no extra version
-%global extraver p5
+%global extraver p2

 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.15
+Version: 1.9.17
 # remove -b 3 after rebase !!!
 # use "-p -e % {?extraver}" when beta
 # use "-e % {?extraver}"" when patch version
@ -76,14 +76,6 @@ BuildRequires:  python3-devel
 # Remove bundled copy of zlib
 rm -rf zlib/

-%ifarch s390 s390x sparc64
-F_PIE=-fPIE
-%else
-F_PIE=-fpie
-%endif
-
-export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
-
 %configure \
        --prefix=%{_prefix} \
        --sbindir=%{_sbindir} \
@ -111,26 +103,28 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
        --with-sssd
 #       --without-kerb5 \
 #       --without-kerb4
-make
+%make_build

 %check
-make check
+%make_build check

 %install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`

 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
-#add sudo to protected packages
-install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
-touch sudo.conf
-echo sudo > sudo.conf
-install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
-rm -f sudo.conf
+# Add sudo to protected packages. Old location for yum/dnf.
+mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/
+echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf
+# Add sudo to protected packages. New location for dnf5.
+mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/
+cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf <<EOF
+[main]
+protected_packages = sudo
+EOF

 chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files

@ -174,7 +168,6 @@ EOF


 %files -f sudo_all.lang
-%defattr(-,root,root)
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
@ -182,6 +175,9 @@ EOF
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%dir /usr/share/dnf5
+%dir /usr/share/dnf5/libdnf.conf.d
+/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo
Author	SHA1	Message	Date
Alejandro López	2ead99a2b1	Rebase to 1.9.17p2 - sudo-1.9.17p2 is available Resolves: rhbz#2383665	2025-10-21 10:16:55 +02:00
Fedora Release Engineering	81e84c1f06	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-25 18:50:05 +00:00
Radovan Sroka	f78ef048db	Merge #29 `Move yum/dnf protection removal config file under /usr`	2025-07-17 18:36:52 +00:00
Björn Esser	1899e2aa8d	Drop '-std=gnu17' from CFLAGS, as C23 builds fine now This was introduced in commit `e2e397029e` for an older version of sudo that was FTBFS for GCC 15 defaulting to C23. Signed-off-by: Björn Esser <besser82@fedoraproject.org>	2025-07-07 13:15:19 +02:00
Björn Esser	04179b5417	Re-apply changes from commit `e2e397029e` Signed-off-by: Björn Esser <besser82@fedoraproject.org>	2025-07-05 12:22:08 +02:00
Björn Esser	9641cbaa6b	Rebase to sudo 1.9.17p1 - sudo-1_9_16p2 is available Resolves: rhbz#2309626 - sudo: LPE via host option Resolves: CVE-2025-32462 - Properly apply system buildflags - Use new build macros, drop unneeded %%defattr Signed-off-by: Björn Esser <besser82@fedoraproject.org>	2025-07-05 12:13:06 +02:00
Python Maint	aa37372f8a	Rebuilt for Python 3.14	2025-06-02 20:53:02 +02:00
Zbigniew Jędrzejewski-Szmek	770b8e2647	Move yum/dnf protection removal config file under /usr https://github.com/uapi-group/specifications/issues/76 Actually, add a new file under /usr, but keep the old file in /etc because it's still needed for dnf. The new file in the new location is useful because it means that we get the correct behaviour even when /etc is emptied (on systems with new dnf version). dnf5 reads the new location: https://github.com/rpm-software-management/dnf5/issues/1107 https://github.com/rpm-software-management/dnf5/pull/1110	2025-03-12 07:34:49 +00:00
Yaakov Selkowitz	e2e397029e	Fix build with GCC 15 GCC 15 defaults to C23, which changes the interpretation of function declarations without parameters to be `void` rather than of an unknown number and type (as in K&R). The sudoers plugin relies on the older behaviour for its hook functions.	2025-02-26 12:59:14 -05:00
Fedora Release Engineering	ac16a17374	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-19 11:50:30 +00:00
Fedora Release Engineering	f568249113	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-20 06:36:47 +00:00
Python Maint	47db28a693	Rebuilt for Python 3.13	2024-06-07 09:11:33 +02:00
Adam Williamson	545c191f72	Backport upstream fix for tests with Python 3.13+	2024-05-02 23:09:47 -07:00