Update to sudo-1.8.21p2

update to 1.8.20p2
added sudo to dnf/yum protected packages
2017-10-04 15:37:49 +02:00 · 2017-06-01 13:07:20 +02:00 · 2017-05-31 09:13:04 +02:00 · 2017-04-03 15:31:38 +02:00 · 2016-11-08 14:21:34 +01:00 · 2016-09-21 17:23:08 +02:00
4 changed files with 53 additions and 63 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,11 @@
 /sudo-1.8.16.tar.gz
 /sudo-1.8.17p1.tar.gz
 /sudo-1.8.18b2.tar.gz
 /sudo-1.8.18rc2.tar.gz
 /sudo-1.8.18rc4.tar.gz
 /sudo-1.8.18.tar.gz
 /sudo-1.8.18p1.tar.gz
 /sudo-1.8.19p2.tar.gz
 /sudo-1.8.20p1.tar.gz
 /sudo-1.8.20p2.tar.gz
 /sudo-1.8.21p2.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-50a840a688ceb6fa3ab24fc0adf4fa23  sudo-1.8.17p1.tar.gz
+SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c
--- a/sudo-1.8.14p1-ldapconfpatch.patch
+++ b/sudo-1.8.14p1-ldapconfpatch.patch
@ -1,55 +0,0 @@
 diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c
 --- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch	2015-07-07 18:51:11.000000000 +0200
 +++ sudo-1.8.14b3/plugins/sudoers/ldap.c	2015-07-09 11:03:25.686645581 +0200
@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam
 }
 #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
 +/*
 + * Read a line of input, remove whole line comments and strip off leading
 + * and trailing spaces.  Returns static storage that is reused.
 + */
 +static char *
 +sudo_ldap_parseln(fp)
 +    FILE *fp;
 +{
 +    size_t len;
 +    char *cp = NULL;
 +    static char buf[LINE_MAX];
 +
 +    if (fgets(buf, sizeof(buf), fp) != NULL) {
 +	/* Remove comments */
 +	if (*buf == '#')
 +	    *buf = '\0';
 +
 +	/* Trim leading and trailing whitespace/newline */
 +	len = strlen(buf);
 +	while (len > 0 && isspace((unsigned char)buf[len - 1]))
 +	    buf[--len] = '\0';
 +	for (cp = buf; isblank(*cp); cp++)
 +	    continue;
 +    }
 +    return(cp);
 +}
 +
 static bool
 sudo_ldap_read_config(void)
 {
@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)
     if ((fp = fopen(path_ldap_conf, "r")) == NULL)
 	debug_return_bool(false);
 -    while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
 +    while ((line = sudo_ldap_parseln(fp)) != NULL) {
 	if (*line == '\0')
 	    continue;		/* skip empty line */
@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)
 	if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
 	    sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
     }
 -    free(line);
 +
     fclose(fp);
     if (!ldap_conf.host) {
--- a/sudo.spec
+++ b/sudo.spec
@ -1,11 +1,11 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.8.17p1
+Version: 1.8.21p2
 Release: 1%{?dist}
 License: ISC
 Group: Applications/System
-URL: http://www.courtesan.com/sudo/
+URL: https://www.sudo.ws/
-Source0: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
+Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
 Source1: sudoers
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: /etc/pam.d/system-auth
@ -26,8 +26,6 @@ BuildRequires: zlib-devel
 # don't strip
 Patch1: sudo-1.6.7p5-strip.patch
 # Patch to read ldap.conf more closely to nss_ldap
 Patch2: sudo-1.8.14p1-ldapconfpatch.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@ -53,7 +51,6 @@ plugins that use %{name}.
 %setup -q
 %patch1 -p1 -b .strip
 %patch2 -p1 -b .ldapconfpatch
 %build
 # Remove bundled copy of zlib
@ -73,6 +70,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
        --sbindir=%{_sbindir} \
        --libdir=%{_libdir} \
        --docdir=%{_pkgdocdir} \
        --disable-root-mailer \
        --with-logging=syslog \
        --with-logfac=authpriv \
        --with-pam \
@ -102,6 +100,12 @@ install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
 #add sudo to protected packages
 install -p -d -m 755 $RPM_BUILD_ROOT/etc/yum/protected.d/
 touch sudo.conf
 echo sudo > sudo.conf
 install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/yum/protected.d/
 rm -f sudo.conf
 chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
@ -117,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
 #Remove all .la files
 find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 # Remove sudoers.dist
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
 %find_lang sudo
 %find_lang sudoers
@ -154,6 +161,7 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %attr(0644,root,root) /etc/yum/protected.d/sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo
@ -168,6 +176,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
 %attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
 %{_libexecdir}/sudo/libsudo_util.so.?
 %{_libexecdir}/sudo/libsudo_util.so
 %{_mandir}/man5/sudoers.5*
 %{_mandir}/man5/sudoers.ldap.5*
 %{_mandir}/man5/sudo.conf.5*
@ -191,9 +200,36 @@ rm -rf $RPM_BUILD_ROOT
 %doc plugins/sample/sample_plugin.c
 %{_includedir}/sudo_plugin.h
 %{_mandir}/man8/sudo_plugin.8*
 %{_libexecdir}/sudo/libsudo_util.so
 %changelog
 * Thu Sep 21 2017 Marek Tamaskovic <mtamasko@redhat.com> - 1.8.21p2-1
 - update to 1.8.21p2
 - Moved libsudo_util.so from the -devel sub-package to main package (1481225)
 * Thu Jun 01 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p2-1
 - update to 1.8.20p2
 - added sudo to dnf/yum protected packages
 * Wed May 31 2017 Daniel Kopecek <dkopecek@redhat.com> 1.8.20p1-1
 - update to 1.8.20p1
 - fixes CVE-2017-1000367
  Resolves: rhbz#1456884
 * Mon Apr 03 2017 Jiri Vymazal <jvymazal@redhat.com> 1.8.19p2-1
 - update to 1.8.19p2
 - updated URL and source0 as upstream changed domain
 * Tue Nov 08 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.18p1-1
 - update to 1.8.18p1
 - fixes CVE-2016-7076
 * Wed Sep 21 2016 Radovan Sroka <rsroka@redhat.com> 1.8.18-1
 - update to 1.8.18
 - dropped sudo-1.8.14p1-ldapconfpatch.patch
  upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html
 - added --disable-root-mailer as configure option
  Resolves: rhbz#1324091
 * Fri Jun 24 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.17p1-1
 - update to 1.8.17p1
 - install the /var/db/sudo/lectured
Author	SHA1	Message	Date
Marek Tamaskovic	5c63394874	Update to sudo-1.8.21p2	2017-10-04 15:37:49 +02:00
Daniel Kopeček	039140a51d	update to 1.8.20p2 added sudo to dnf/yum protected packages	2017-06-01 13:07:20 +02:00
Daniel Kopeček	98199dc3ed	update to 1.8.20p1 fixes CVE-2017-1000367 Resolves: rhbz#1456884	2017-05-31 09:13:04 +02:00
Jiri Vymazal	90a132a69b	* Mon Apr 03 2017 Jiri Vymazal <jvymazal@redhat.com> 1.8.19p2-1 - update to 1.8.19p2 - updated URL and source0 as upstream changed domain	2017-04-03 15:31:38 +02:00
Daniel Kopecek	dcf541d6dd	update to 1.8.18p1 - fixes CVE-2016-7076	2016-11-08 14:21:34 +01:00
Radovan Sroka	5cca8afb18	update to 1.8.18 - dropped sudo-1.8.14p1-ldapconfpatch.patch upstreamed --> https://www.sudo.ws/pipermail/sudo-workers/2016-September/001006.html - added --disable-root-mailer as configure option Resolves: rhbz#1324091	2016-09-21 17:23:08 +02:00
`@ -1 +1 @@`
	`50a840a688ceb6fa3ab24fc0adf4fa23 sudo-1.8.17p1.tar.gz`	`SHA512 (sudo-1.8.21p2.tar.gz) = f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c`