Rabase to 1.9.15p5

- sudo-1_9_15p5 is available
Resolves: rhbz#2248505
- TRIAGE CVE-2023-42465 sudo: Targeted Corruption of Register and Stack
Variables
Resolves: rhbz#2255569

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

.gitignore

@@ -34,5 +34,3 @@
 /sudo-1.9.14p3.tar.gz
 /sudo-1.9.15p4.tar.gz
 /sudo-1.9.15p5.tar.gz
-/sudo-1.9.17p1.tar.gz
-/sudo-1.9.17p2.tar.gz

sources

@@ -1 +1 @@
-SHA512 (sudo-1.9.17p2.tar.gz) = c8abd6ca56e54a081c9ef1e9f6579d1db5b93ff857e60d1f58d1f425d7dc23c31c58d40b7819780688f66dfdf87a1f3bbe0a78387b007e2beb1b0e546203ea93
+SHA512 (sudo-1.9.15p5.tar.gz) = ebac69719de2fe7bd587924701bdd24149bf376a68b17ec02f69b2b96d4bb6fa5eb8260a073ec5ea046d3ac69bb5b1c0b9d61709fe6a56f1f66e40817a70b15a

sudo.spec

@@ -1,9 +1,9 @@
 # comment out if no extra version
-%global extraver p2
+%global extraver p5
 
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.9.17
+Version: 1.9.15
 # remove -b 3 after rebase !!!
 # use "-p -e % {?extraver}" when beta
 # use "-e % {?extraver}"" when patch version
@@ -26,7 +26,7 @@ BuildRequires: bison
 BuildRequires: libtool
 BuildRequires: audit-libs-devel libcap-devel
 BuildRequires: libselinux-devel
-BuildRequires: systemd-rpm-macros
+BuildRequires: sendmail
 BuildRequires: gettext
 BuildRequires: zlib-devel
 
@@ -70,18 +70,25 @@ BuildRequires:  python3-devel
 %{name}-python-plugin allows using sudo plugins written in Python.
 
 %prep
-%autosetup -p1 -n %{name}-%{version}%{?extraver}
+%setup -q -n %{name}-%{version}%{?extraver}
 
 %build
 # Remove bundled copy of zlib
 rm -rf zlib/
 
+%ifarch s390 s390x sparc64
+F_PIE=-fPIE
+%else
+F_PIE=-fpie
+%endif
+
+export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+
 %configure \
         --prefix=%{_prefix} \
         --sbindir=%{_sbindir} \
         --libdir=%{_libdir} \
         --docdir=%{_pkgdocdir} \
-        --enable-tmpfiles.d=%{_tmpfilesdir} \
         --enable-openssl \
         --disable-root-mailer \
         --disable-intercept \
@@ -95,7 +102,6 @@ rm -rf zlib/
         --with-tty-tickets \
         --with-ldap \
         --with-selinux \
-        --with-sendmail=/usr/sbin/sendmail \
         --with-passprompt="[sudo] password for %p: " \
         --enable-python \
         --enable-zlib=system \
@@ -103,28 +109,26 @@ rm -rf zlib/
         --with-sssd
 #       --without-kerb5 \
 #       --without-kerb4
-%make_build
+make
 
 %check
-%make_build check
+make check
 
 %install
-%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
 
 chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
 install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
 install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
 install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
-# Add sudo to protected packages. Old location for yum/dnf.
-mkdir -p $RPM_BUILD_ROOT/etc/dnf/protected.d/
-echo "sudo" >$RPM_BUILD_ROOT/etc/dnf/protected.d/sudo.conf
-# Add sudo to protected packages. New location for dnf5.
-mkdir -p $RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/
-cat >$RPM_BUILD_ROOT/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf <<EOF
-[main]
-protected_packages = sudo
-EOF
+#add sudo to protected packages
+install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
+touch sudo.conf
+echo sudo > sudo.conf
+install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
+rm -f sudo.conf
 
 chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
 
@@ -168,6 +172,7 @@ EOF
 
 
 %files -f sudo_all.lang
+%defattr(-,root,root)
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %attr(0750,root,root) %dir /etc/sudoers.d/
 %config(noreplace) /etc/pam.d/sudo
@@ -175,9 +180,6 @@ EOF
 %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
 %attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
 %attr(0640,root,root) %config(noreplace) /etc/sudo.conf
-%dir /usr/share/dnf5
-%dir /usr/share/dnf5/libdnf.conf.d
-/usr/share/dnf5/libdnf.conf.d/protect-sudo.conf
 %dir /var/db/sudo
 %dir /var/db/sudo/lectured
 %attr(4111,root,root) %{_bindir}/sudo