From 3b2065d554ac511a2b0536159654fb8382f46015 Mon Sep 17 00:00:00 2001
From: Peter Vrabec
Date: Aug 20 2007 12:11:21 +0000
Subject: - upgrade to upstream release
---
diff --git a/.cvsignore b/.cvsignore
index 5dec609..d497c72 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
-sudo-1.6.8p12.tar.gz
+sudo-1.6.9p4.tar.gz
 sudo-1.6.8p12-sudoers
diff --git a/sources b/sources
index e15700e..48eb9d9 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-b29893c06192df6230dd5f340f3badf5 sudo-1.6.8p12.tar.gz
+5439d24b48db69d2b6b42e97b47fdfd6 sudo-1.6.9p4.tar.gz
 3dad7cdd28925f9bdf387510961f8e9f sudo-1.6.8p12-sudoers
diff --git a/sudo-1.6.8p12-env-reset.patch b/sudo-1.6.8p12-env-reset.patch
deleted file mode 100644
index 2bf6195..0000000
--- a/sudo-1.6.8p12-env-reset.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- sudo-1.6.8p12/sudoers.env_reset 2006-02-08 16:58:15.000000000 +0100
-+++ sudo-1.6.8p12/sudoers 2006-02-08 16:59:02.000000000 +0100
-@@ -13,6 +13,14 @@
-
- # Defaults specification
-
-+Defaults env_reset
-+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
-+ LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
-+ LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
-+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
-+ LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
-+ _XKB_CHARSET"
-+
- # Runas alias specification
-
- # User privilege specification
diff --git a/sudo-1.6.8p12-getgrouplist.patch b/sudo-1.6.8p12-getgrouplist.patch
deleted file mode 100644
index 998bf15..0000000
--- /dev/null
@@ -1,61 +0,0 @@ ---- sudo-1.6.8p12/configure.in.getgrouplist 2007-04-12 10:16:12.000000000 +0200 -+++ sudo-1.6.8p12/configure.in 2007-04-12 10:18:16.000000000 +0200 -@@ -1694,7 +1694,7 @@ - dnl Function checks - dnl - AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \ -- strftime setrlimit initgroups fstat gettimeofday) -+ strftime setrlimit initgroups getgrouplist fstat gettimeofday) - AC_CHECK_FUNCS(seteuid, , [AC_DEFINE(NO_SAVED_IDS)]) - if test -z "$SKIP_SETRESUID"; then - AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes]) ---- sudo-1.6.8p12/configure.getgrouplist 2005-10-28 02:48:25.000000000 +0200 -+++ sudo-1.6.8p12/configure 2007-04-12 10:18:16.000000000 +0200 -@@ -24677,7 +24677,7 @@ - - - for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \ -- strftime setrlimit initgroups fstat gettimeofday -+ strftime setrlimit initgroups getgrouplist fstat gettimeofday - do - as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` - echo "$as_me:$LINENO: checking for $ac_func" >&5 ---- sudo-1.6.8p12/check.c.getgrouplist 2005-03-25 02:55:31.000000000 +0100 -+++ sudo-1.6.8p12/check.c 2007-04-12 10:18:16.000000000 +0200 -@@ -299,6 +299,24 @@ - return(TRUE); - } - -+#ifdef HAVE_GETGROUPLIST -+ { -+ gid_t *grouplist, grouptmp; -+ int n_groups, i; -+ n_groups = 1; -+ if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) { -+ grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1)); -+ if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0) -+ for (i = 0; i < n_groups; i++) -+ if (grouplist[i] == grp->gr_gid) { -+ free(grouplist); -+ return(TRUE); -+ } -+ free(grouplist); -+ } -+ } -+#endif -+ - return(FALSE); - } - ---- sudo-1.6.8p12/config.h.in.getgrouplist 2007-04-12 10:16:12.000000000 +0200 -+++ sudo-1.6.8p12/config.h.in 2007-04-12 10:18:16.000000000 +0200 -@@ -122,6 +122,9 @@ - /* Define to 1 if you have the `getdomainname' function. */ - #undef HAVE_GETDOMAINNAME - -+/* Define to 1 if you have the `getgrouplist' function. 
*/ -+#undef HAVE_GETGROUPLIST -+ - /* Define to 1 if you have the `getifaddrs' function. */ - #undef HAVE_GETIFADDRS - diff --git a/sudo-1.6.8p12-ipv6.patch b/sudo-1.6.8p12-ipv6.patch deleted file mode 100644 index bf0ec83..0000000 --- a/sudo-1.6.8p12-ipv6.patch +++ /dev/null 
@@ -1,611 +0,0 @@ ---- sudo-1.6.8p12/Makefile.in.ipv6 2005-11-08 19:21:58.000000000 +0100 -+++ sudo-1.6.8p12/Makefile.in 2006-07-16 23:33:58.000000000 +0200 -@@ -187,14 +187,14 @@ - @DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h - - # Uncomment the following if you intend to modify parse.yacc --@DEV@sudo.tab.c sudo.tab.h: parse.yacc --@DEV@ rm -f sudo.tab.h sudo.tab.c --@DEV@ $(YACC) -d -b sudo $(srcdir)/parse.yacc -+sudo.tab.c sudo.tab.h: parse.yacc -+ rm -f sudo.tab.h sudo.tab.c -+ $(YACC) -d -b sudo $(srcdir)/parse.yacc - - # Uncomment the following if you intend to modify parse.lex --@DEV@lex.yy.c: parse.lex --@DEV@ rm -f lex.yy.c --@DEV@ $(LEX) $(srcdir)/parse.lex -+lex.yy.c: parse.lex -+ rm -f lex.yy.c -+ $(LEX) $(srcdir)/parse.lex - - # Uncomment the following if you intend to modify def_data.in - @DEV@def_data.h def_data.c: def_data.in ---- sudo-1.6.8p12/visudo.c.ipv6 2004-11-25 18:32:40.000000000 +0100 -+++ sudo-1.6.8p12/visudo.c 2006-07-16 23:33:58.000000000 +0200 -@@ -87,6 +87,7 @@ - static int check_syntax __P((int)); - int command_matches __P((char *, char *)); - int addr_matches __P((char *)); -+int addr6_matches __P((char *)); - int hostname_matches __P((char *, char *, char *)); - int netgr_matches __P((char *, char *, char *, char *)); - int usergr_matches __P((char *, char *, struct passwd *)); -@@ -515,6 +516,12 @@ - return(TRUE); - } - -+int addr6_matches(n) -+ char *n; -+{ -+ return(TRUE); -+} -+ - int - hostname_matches(s, l, p) - char *s, *l, *p; ---- sudo-1.6.8p12/parse.lex.ipv6 2004-05-17 22:51:13.000000000 +0200 -+++ sudo-1.6.8p12/parse.lex 2006-07-16 23:33:58.000000000 +0200 -@@ -84,6 +84,29 @@ - - OCTET (1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]) - DOTTEDQUAD {OCTET}(\.{OCTET}){3} -+ -+IPV6_8HEX ([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4} -+ -+IPV6_COMP0 :(:[0-9A-Fa-f]{1,4}){1,7} -+IPV6_COMP1 ([0-9A-Fa-f]{1,4}){1}:(:[0-9A-Fa-f]{1,4}){0,6} -+IPV6_COMP2 ([0-9A-Fa-f]{1,4}){2}:(:[0-9A-Fa-f]{1,4}){0,5} -+IPV6_COMP3 
([0-9A-Fa-f]{1,4}){3}:(:[0-9A-Fa-f]{1,4}){0,4} -+IPV6_COMP4 ([0-9A-Fa-f]{1,4}){4}:(:[0-9A-Fa-f]{1,4}){0,3} -+IPV6_COMP5 ([0-9A-Fa-f]{1,4}){5}:(:[0-9A-Fa-f]{1,4}){0,2} -+IPV6_COMP6 ([0-9A-Fa-f]{1,4}){6}:(:[0-9A-Fa-f]{1,4}){0,1} -+IPV6_COMPHEX {IPV6_COMP0}|{IPV6_COMP1}|{IPV6_COMP2}|{IPV6_COMP3}|{IPV6_COMP4}|{IPV6_COMP5}|{IPV6_COMP6} -+ -+IPV6_6H4D [0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){5}{DOTTEDQUAD} -+ -+IPV6_COMP6H4D0 ([0-9A-Fa-f]{1,4}){1}:(:[0-9A-Fa-f]{1,4}){1,4}:{DOTTEDQUAD} -+IPV6_COMP6H4D1 ([0-9A-Fa-f]{1,4}){2}:(:[0-9A-Fa-f]{1,4}){1,3}:{DOTTEDQUAD} -+IPV6_COMP6H4D2 ([0-9A-Fa-f]{1,4}){3}:(:[0-9A-Fa-f]{1,4}){1,2}:{DOTTEDQUAD} -+IPV6_COMP6H4D3 ([0-9A-Fa-f]{1,4}){4}:(:[0-9A-Fa-f]{1,4}){1}:{DOTTEDQUAD} -+IPV6_COMP6H4D {IPV6_COMP6H4D0}|{IPV6_COMP6H4D1}|{IPV6_COMP6H4D2}|{IPV6_COMP6H4D3} -+ -+IPV6ADDR {IPV6_8HEX}|{IPV6_COMPHEX}|{IPV6_6H4D}|{IPV6_COMP6H4D} -+IPV6PREFIX [1-9]|[1-9][0-9]|10[0-9]|11[0-9]|12[0-8] -+ - HOSTNAME [[:alnum:]_-]+ - WORD ([^#>@!=:,\(\) \t\n\\]|\\[^\n])+ - ENVAR ([^#!=, \t\n\\]|\\[^\n])([^#=, \t\n\\]|\\[^\n])* -@@ -253,6 +276,11 @@ - LEXTRACE("NTWKADDR "); - return(NTWKADDR); - } -+{IPV6ADDR}(\/{IPV6PREFIX})? 
{ -+ fill(yytext, yyleng); -+ LEXTRACE("NTWKADDR6 "); -+ return(NTWKADDR6); -+ } - - \( { - BEGIN GOTRUNAS; ---- sudo-1.6.8p12/ldap.c.ipv6 2006-07-16 23:45:35.000000000 +0200 -+++ sudo-1.6.8p12/ldap.c 2006-07-16 23:59:56.000000000 +0200 -@@ -160,6 +160,7 @@ - if ( - !strcasecmp(*p,"ALL") || - addr_matches(*p) || -+ addr6_matches(*p) || - netgr_matches(*p,user_host,user_shost,NULL) || - !hostname_matches(user_shost,user_host,*p) - ) ---- sudo-1.6.8p12/parse.h.ipv6 2005-06-19 20:58:19.000000000 +0200 -+++ sudo-1.6.8p12/parse.h 2006-07-16 23:33:58.000000000 +0200 -@@ -93,6 +93,7 @@ - * Prototypes - */ - int addr_matches __P((char *)); -+int addr6_matches __P((char *)); - int command_matches __P((char *, char *)); - int hostname_matches __P((char *, char *, char *)); - int netgr_matches __P((char *, char *, char *, char *)); ---- sudo-1.6.8p12/interfaces.h.ipv6 2004-02-13 22:36:43.000000000 +0100 -+++ sudo-1.6.8p12/interfaces.h 2006-07-16 23:33:58.000000000 +0200 -@@ -27,8 +27,11 @@ - * IP address and netmask pairs for checking against local interfaces. - */ - struct interface { -- struct in_addr addr; -+ struct in_addr addr; /* IPv4 */ - struct in_addr netmask; -+ struct in6_addr addr6; /* IPv6 */ -+ struct in6_addr netmask6; -+ sa_family_t sa_family; /* AF_INET ? AF_INET6 */ - }; - - /* ---- sudo-1.6.8p12/parse.c.ipv6 2005-06-19 22:03:24.000000000 +0200 -+++ sudo-1.6.8p12/parse.c 2006-07-16 23:57:20.000000000 +0200 -@@ -370,38 +370,134 @@ - int i; - char *m; - struct in_addr addr, mask; -+ struct addrinfo hints, *ai; -+ -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST; -+ hints.ai_family = AF_INET; - - /* If there's an explicit netmask, use it. 
*/ - if ((m = strchr(n, '/'))) { -+ - *m++ = '\0'; -- addr.s_addr = inet_addr(n); -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr.s_addr, &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); -+ freeaddrinfo(ai); -+ - if (strchr(m, '.')) -- mask.s_addr = inet_addr(m); -- else { -- i = 32 - atoi(m); -- mask.s_addr = 0xffffffff; -- mask.s_addr >>= i; -- mask.s_addr <<= i; -- mask.s_addr = htonl(mask.s_addr); -+ { -+ if (getaddrinfo(m, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&mask.s_addr, /* IPv4 netmask from dotted quad */ -+ &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); - } -+ else -+ { -+ i = 32 - atoi(m); /* IPv4 netmask from CIDR */ -+ mask.s_addr = 0xffffffff; -+ mask.s_addr >>= i; -+ mask.s_addr <<= i; -+ mask.s_addr = htonl(mask.s_addr); -+ } -+ - *(m - 1) = '/'; - -- for (i = 0; i < num_interfaces; i++) -- if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr) -- return(TRUE); -+ for (i = 0; i < num_interfaces; ++i) -+ if (interfaces[i].sa_family == AF_INET) /* IPv4 intf. only */ -+ if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr) -+ return (TRUE); - } else { -- addr.s_addr = inet_addr(n); -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr.s_addr, &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); -+ freeaddrinfo(ai); - - for (i = 0; i < num_interfaces; i++) -- if (interfaces[i].addr.s_addr == addr.s_addr || -- (interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr) -- == addr.s_addr) -- return(TRUE); -+ if (interfaces[i].sa_family == AF_INET) /* IPv4 intf. 
only */ -+ if (interfaces[i].addr.s_addr == addr.s_addr || -+ (interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr) -+ == addr.s_addr) -+ return(TRUE); - } - - return(FALSE); - } - -+int -+addr6_matches(n) -+char *n; -+{ -+ int i, j; -+ uint32_t msk[4] = {0, 0, 0, 0}; /* 32x4 */ -+ uint32_t addr[4], i_msk[4], i_addr[4]; -+ char *m; -+ struct addrinfo hints, *ai; -+ -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST; -+ hints.ai_family = AF_INET6; -+ -+ /* we have IPv6 prefix */ -+ if ((m = strchr(n, '/'))) { -+ *m++ = '\0'; -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 16); -+ freeaddrinfo(ai); -+ -+ for (i=0; i < (atoi(m)/32); ++i) -+ msk[i] = 0xffffffff; -+ if (atoi(m)<128 && (atoi(m) % 32)) -+ { -+ msk[atoi(m)/32] = 0xffffffff; -+ msk[atoi(m)/32] >>= ( 32 - (atoi(m) % 32) ); -+ msk[atoi(m)/32] <<= ( 32 - (atoi(m) % 32) ); -+ } -+ for (i=0; i<4; ++i) -+ msk[i] = htonl(msk[i]); -+ -+ *(m - 1) = '/'; -+ -+ for (i=0; i < num_interfaces; i++) -+ if (interfaces[i].sa_family == AF_INET6) /* compare only IPv6 intf. */ -+ { -+ /* nasty */ -+ memcpy(&i_addr, &interfaces[i].addr6, 16); -+ if ( ((i_addr[0] & msk[0]) == addr[0]) && -+ ((i_addr[1] & msk[1]) == addr[1]) && -+ ((i_addr[2] & msk[2]) == addr[2]) && -+ ((i_addr[3] & msk[3]) == addr[3])) -+ return(TRUE); -+ } -+ } else { -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 16); -+ freeaddrinfo(ai); -+ -+ for (i=0; i < num_interfaces; ++i) -+ if (interfaces[i].sa_family == AF_INET6) /* IPv6 intf. 
only */ -+ { -+ memcpy(&i_addr, &interfaces[i].addr6, 16); -+ if ((i_addr[0] == addr[0]) && (i_addr[1] == addr[1]) && -+ (i_addr[2] == addr[2]) && (i_addr[3] == addr[3])) -+ return(TRUE); /* found my own address in sudoers */ -+ -+ memcpy(&i_msk, &interfaces[i].netmask6, 16); -+ if (((i_addr[0]&i_msk[0]) == addr[0]) && -+ ((i_addr[1]&i_msk[1]) == addr[1]) && -+ ((i_addr[2]&i_msk[2]) == addr[2]) && -+ ((i_addr[3]&i_msk[3]) == addr[3])) -+ return(TRUE); /* found my netw. address in sudoers */ -+ } -+ } -+ return(FALSE); -+} -+ - /* - * Returns 0 if the hostname matches the pattern and non-zero otherwise. - */ ---- sudo-1.6.8p12/sudo.c.ipv6 2006-07-16 23:33:58.000000000 +0200 -+++ sudo-1.6.8p12/sudo.c 2006-07-16 23:33:58.000000000 +0200 -@@ -1007,24 +1007,34 @@ - void - set_fqdn() - { -- struct hostent *hp; -+ struct addrinfo hints, *ai; - char *p; - -- if (!(hp = gethostbyname(user_host))) { -- log_error(MSG_ONLY|NO_EXIT, -- "unable to lookup %s via gethostbyname()", user_host); -- } else { -- if (user_shost != user_host) -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_flags = AI_ADDRCONFIG; -+ -+ if (getaddrinfo(user_host, NULL, &hints, &ai) != 0) -+ { -+ log_error(MSG_ONLY|NO_EXIT, -+ "unable to lookup %s via gethostbyname()", user_host); -+ } -+ else -+ { -+ char h_name[NI_MAXHOST]; -+ -+ if (user_host != user_host) - free(user_shost); -+ -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, h_name, sizeof(h_name), NULL, 0, 0); - free(user_host); -- user_host = estrdup(hp->h_name); -+ user_host = estrdup(h_name); - } - if ((p = strchr(user_host, '.'))) { -- *p = '\0'; -- user_shost = estrdup(user_host); -- *p = '.'; -+ *p = '\0'; -+ user_shost = estrdup(user_host); -+ *p = '.'; - } else { -- user_shost = user_host; -+ user_shost = user_host; - } - } - ---- sudo-1.6.8p12/parse.yacc.ipv6 2005-06-19 20:24:32.000000000 +0200 -+++ sudo-1.6.8p12/parse.yacc 2006-07-16 23:33:58.000000000 +0200 -@@ -250,6 +250,7 @@ - %token RUNASALIAS /* Runas_Alias keyword */ - %token ':' '=' 
',' '!' '+' '-' /* union member tokens */ - %token ERROR -+%token NTWKADDR6 /* IPv6 address */ - - /* - * NOTE: these are not true booleans as there are actually 4 possible values: -@@ -395,6 +396,13 @@ - $$ = NOMATCH; - free($1); - } -+ | NTWKADDR6 { -+ if (addr6_matches($1)) -+ $$ = TRUE; -+ else -+ $$ = NOMATCH; -+ free($1); -+ } - | NETGROUP { - if (netgr_matches($1, user_host, user_shost, NULL)) - $$ = TRUE; ---- sudo-1.6.8p12/testsudoers.c.ipv6 2004-08-02 20:44:58.000000000 +0200 -+++ sudo-1.6.8p12/testsudoers.c 2006-07-17 00:03:50.000000000 +0200 -@@ -175,6 +175,10 @@ - } - } - -+/* -+ * Returns TRUE if "n" is one of our ip addresses or if -+ * "n" is a network that we are on, else returns FALSE. -+ */ - int - addr_matches(n) - char *n; -@@ -182,39 +186,136 @@ - int i; - char *m; - struct in_addr addr, mask; -+ struct addrinfo hints, *ai; -+ -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST; -+ hints.ai_family = AF_INET; - - /* If there's an explicit netmask, use it. 
*/ - if ((m = strchr(n, '/'))) { -- *m++ = '\0'; -- addr.s_addr = inet_addr(n); -- if (strchr(m, '.')) -- mask.s_addr = inet_addr(m); -- else { -- i = 32 - atoi(m); -- mask.s_addr = 0xffffffff; -- mask.s_addr >>= i; -- mask.s_addr <<= i; -- mask.s_addr = htonl(mask.s_addr); -- } -- *(m - 1) = '/'; - -- for (i = 0; i < num_interfaces; i++) -- if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr) -- return(TRUE); -+ *m++ = '\0'; -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr.s_addr, &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); -+ freeaddrinfo(ai); -+ -+ if (strchr(m, '.')) -+ { -+ if (getaddrinfo(m, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&mask.s_addr, /* IPv4 netmask from dotted quad */ -+ &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); -+ } -+ else -+ { -+ i = 32 - atoi(m); /* IPv4 netmask from CIDR */ -+ mask.s_addr = 0xffffffff; -+ mask.s_addr >>= i; -+ mask.s_addr <<= i; -+ mask.s_addr = htonl(mask.s_addr); -+ } -+ -+ *(m - 1) = '/'; -+ -+ for (i = 0; i < num_interfaces; ++i) -+ if (interfaces[i].sa_family == AF_INET) /* IPv4 intf. only */ -+ if ((interfaces[i].addr.s_addr & mask.s_addr) == addr.s_addr) -+ return(TRUE); - } else { -- addr.s_addr = inet_addr(n); -- -- for (i = 0; i < num_interfaces; i++) -- if (interfaces[i].addr.s_addr == addr.s_addr || -- (interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr) -- == addr.s_addr) -- return(TRUE); -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr.s_addr, &((struct sockaddr_in *)ai->ai_addr)->sin_addr, -+ sizeof(struct in_addr)); -+ freeaddrinfo(ai); -+ -+ for (i = 0; i < num_interfaces; i++) -+ if (interfaces[i].sa_family == AF_INET) /* IPv4 intf. 
only */ -+ if (interfaces[i].addr.s_addr == addr.s_addr || -+ (interfaces[i].addr.s_addr & interfaces[i].netmask.s_addr) -+ == addr.s_addr) -+ return(TRUE); - } - - return(FALSE); - } - - int -+addr6_matches(n) -+char *n; -+{ -+ int i, j; -+ uint32_t msk[4] = {0, 0, 0, 0}; /* 32x4 */ -+ uint32_t addr[4], i_msk[4], i_addr[4]; -+ char *m; -+ struct addrinfo hints, *ai; -+ -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST; -+ hints.ai_family = AF_INET6; -+ -+ /* we have IPv6 prefix */ -+ if ((m = strchr(n, '/'))) { -+ *m++ = '\0'; -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 16); -+ freeaddrinfo(ai); -+ -+ for (i=0; i < (atoi(m)/32); ++i) -+ msk[i] = 0xffffffff; -+ if (atoi(m)<128 && (atoi(m) % 32)) -+ { -+ msk[atoi(m)/32] = 0xffffffff; -+ msk[atoi(m)/32] >>= ( 32 - (atoi(m) % 32) ); -+ msk[atoi(m)/32] <<= ( 32 - (atoi(m) % 32) ); -+ } -+ for (i=0; i<4; ++i) -+ msk[i] = htonl(msk[i]); -+ -+ *(m - 1) = '/'; -+ -+ for (i=0; i < num_interfaces; i++) -+ if (interfaces[i].sa_family == AF_INET6) /* compare only IPv6 intf. */ -+ { -+ /* nasty */ -+ memcpy(&i_addr, &interfaces[i].addr6, 16); -+ if ( ((i_addr[0] & msk[0]) == addr[0]) && -+ ((i_addr[1] & msk[1]) == addr[1]) && -+ ((i_addr[2] & msk[2]) == addr[2]) && -+ ((i_addr[3] & msk[3]) == addr[3])) -+ return (TRUE); -+ } -+ } else { -+ if (getaddrinfo(n, NULL, &hints, &ai)!=0) -+ return(FALSE); -+ memcpy(&addr, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 16); -+ freeaddrinfo(ai); -+ -+ for (i=0; i < num_interfaces; ++i) -+ if (interfaces[i].sa_family == AF_INET6) /* IPv6 intf. 
only */ -+ { -+ memcpy(&i_addr, &interfaces[i].addr6, 16); -+ if ((i_addr[0] == addr[0]) && (i_addr[1] == addr[1]) && -+ (i_addr[2] == addr[2]) && (i_addr[3] == addr[3])) -+ return (TRUE); /* found my own address in sudoers */ -+ -+ memcpy(&i_msk, &interfaces[i].netmask6, 16); -+ if (((i_addr[0]&i_msk[0]) == addr[0]) && -+ ((i_addr[1]&i_msk[1]) == addr[1]) && -+ ((i_addr[2]&i_msk[2]) == addr[2]) && -+ ((i_addr[3]&i_msk[3]) == addr[3])) -+ return (TRUE); /* found my netw. address in sudoers */ -+ } -+ } -+ return(FALSE); -+} -+ -+ -+int - hostname_matches(shost, lhost, pattern) - char *shost; - char *lhost; ---- sudo-1.6.8p12/interfaces.c.ipv6 2004-02-13 22:36:43.000000000 +0100 -+++ sudo-1.6.8p12/interfaces.c 2006-07-16 23:33:58.000000000 +0200 -@@ -102,7 +102,7 @@ - load_interfaces() - { - struct ifaddrs *ifa, *ifaddrs; -- /* XXX - sockaddr_in6 sin6; */ -+ struct sockaddr_in6 *sin6; - struct sockaddr_in *sin; - int i; - -@@ -117,12 +117,15 @@ - continue; - - switch(ifa->ifa_addr->sa_family) { -- /* XXX - AF_INET6 */ - case AF_INET: - num_interfaces++; - break; -+ case AF_INET6: -+ num_interfaces++; -+ break; - } - } -+ - if (num_interfaces == 0) - return; - interfaces = -@@ -136,8 +139,8 @@ - continue; - - switch(ifa->ifa_addr->sa_family) { -- /* XXX - AF_INET6 */ - case AF_INET: -+ interfaces[i].sa_family = AF_INET; - sin = (struct sockaddr_in *)ifa->ifa_addr; - memcpy(&interfaces[i].addr, &sin->sin_addr, - sizeof(struct in_addr)); -@@ -146,6 +149,16 @@ - sizeof(struct in_addr)); - i++; - break; -+ case AF_INET6: -+ interfaces[i].sa_family = AF_INET6; -+ sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; -+ memcpy(&interfaces[i].addr6, &sin6->sin6_addr, -+ sizeof(struct in6_addr)); -+ sin6 = (struct sockaddr_in6 *)ifa->ifa_netmask; -+ memcpy(&interfaces[i].netmask6, &sin6->sin6_addr, -+ sizeof(struct in6_addr)); -+ i++; -+ break; - } - } - #ifdef HAVE_FREEIFADDRS -@@ -306,10 +319,30 @@ - void - dump_interfaces() - { -- int i; -+ int i, j, ip6_prefix=0; /* for counting 
IPv6 prefix length (in bits!!) */ -+ uint8_t u6_addr8[16]; /* for storing IPv6 netmask */ - - puts("Local IP address and netmask pairs:"); - for (i = 0; i < num_interfaces; i++) -- printf("\t%s / 0x%x\n", inet_ntoa(interfaces[i].addr), -- (unsigned int)ntohl(interfaces[i].netmask.s_addr)); -+ { -+ char name[NI_MAXHOST], netmask[NI_MAXHOST]; -+ ip6_prefix=0; -+ -+ switch (interfaces[i].sa_family) -+ { -+ case AF_INET: -+ inet_ntop(AF_INET, &interfaces[i].addr, name, NI_MAXHOST); -+ inet_ntop(AF_INET, &interfaces[i].netmask, netmask, NI_MAXHOST); -+ printf("\t%s / %s\n", name, netmask); -+ break; -+ case AF_INET6: -+ inet_ntop(AF_INET6, &interfaces[i].addr6, name, NI_MAXHOST); -+ memcpy(u6_addr8, &interfaces[i].netmask6, 16); -+ for (j=0; j<16; ++j) -+ if (u6_addr8[j] == 255) /* 255 == 0xff */ -+ ip6_prefix=ip6_prefix+8; /* eight bits */ -+ printf("\t%s / %d\n", name, ip6_prefix); -+ break; -+ } -+ } - } diff --git a/sudo-1.6.8p12-pam-login.patch b/sudo-1.6.8p12-pam-login.patch deleted file mode 100644 index acd62e4..0000000 --- a/sudo-1.6.8p12-pam-login.patch +++ /dev/null 
@@ -1,116 +0,0 @@ ---- sudo-1.6.8p12/configure.in.login 2006-07-16 15:25:33.000000000 +0200 -+++ sudo-1.6.8p12/configure.in 2006-07-16 15:49:08.000000000 +0200 -@@ -357,6 +357,17 @@ - ;; - esac]) - -+AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i], -+[case $with_pam_login in -+ yes) AC_DEFINE(HAVE_PAM_LOGIN) -+ AC_MSG_CHECKING(whether to use PAM login) -+ AC_MSG_RESULT(yes) -+ ;; -+ no) ;; -+ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."]) -+ ;; -+esac]) -+ - AC_ARG_WITH(AFS, [ --with-AFS enable AFS support], - [case $with_AFS in - yes) AC_DEFINE(HAVE_AFS) ---- sudo-1.6.8p12/sudo.c.login 2006-07-16 15:39:26.000000000 +0200 -+++ sudo-1.6.8p12/sudo.c 2006-07-16 15:41:42.000000000 +0200 -@@ -109,7 +109,7 @@ - static struct passwd *get_authpw __P((void)); - extern int sudo_edit __P((int, char **)); - extern void list_matches __P((void)); --extern char **rebuild_env __P((char **, int, int)); -+extern char **rebuild_env __P((char **, int)); - extern char **zero_env __P((char **)); - extern struct passwd *sudo_getpwnam __P((const char *)); - extern struct passwd *sudo_getpwuid __P((uid_t)); -@@ -140,6 +140,7 @@ - #endif /* HAVE_BSD_AUTH_H */ - sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld; - void (*set_perms) __P((int)); -+int sudo_mode; - - - int -@@ -151,7 +152,6 @@ - int validated; - int fd; - int cmnd_status; -- int sudo_mode; - int pwflag; - char **new_environ; - sigaction_t sa; -@@ -368,7 +368,7 @@ - - /* Build a new environment that avoids any nasty bits if we have a cmnd. 
*/ - if (ISSET(sudo_mode, MODE_RUN)) -- new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC)); -+ new_environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC)); - else - new_environ = envp; - ---- sudo-1.6.8p12/auth/pam.c.login 2006-07-16 15:41:59.000000000 +0200 -+++ sudo-1.6.8p12/auth/pam.c 2006-07-16 15:45:15.000000000 +0200 -@@ -89,7 +89,12 @@ - if (auth != NULL) - auth->data = (VOID *) &pam_status; - pam_conv.conv = sudo_conv; -- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); -+#ifdef HAVE_PAM_LOGIN -+ if (ISSET(sudo_mode, MODE_LOGIN_SHELL)) -+ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh); -+ else -+#endif -+ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh); - if (pam_status != PAM_SUCCESS) { - log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM"); - return(AUTH_FATAL); ---- sudo-1.6.8p12/env.c.login 2006-07-16 15:40:14.000000000 +0200 -+++ sudo-1.6.8p12/env.c 2006-07-16 15:57:19.000000000 +0200 -@@ -77,7 +77,7 @@ - /* - * Prototypes - */ --char **rebuild_env __P((char **, int, int)); -+char **rebuild_env __P((char **, int)); - char **zero_env __P((char **)); - static void insert_env __P((char *, int)); - static char *format_env __P((char *, ...)); -@@ -321,9 +321,8 @@ - * Also adds sudo-specific variables (SUDO_*). - */ - char ** --rebuild_env(envp, sudo_mode, noexec) -+rebuild_env(envp, noexec) - char **envp; -- int sudo_mode; - int noexec; - { - char **ep, *cp, *ps1; ---- sudo-1.6.8p12/sudo.h.login 2006-07-16 15:59:08.000000000 +0200 -+++ sudo-1.6.8p12/sudo.h 2006-07-16 15:59:38.000000000 +0200 -@@ -251,6 +251,7 @@ - extern FILE *sudoers_fp; - extern int tgetpass_flags; - extern uid_t timestamp_uid; -+extern int sudo_mode; - - extern void (*set_perms) __P((int)); - #endif ---- sudo-1.6.8p12/config.h.in.login 2006-07-16 15:32:09.000000000 +0200 -+++ sudo-1.6.8p12/config.h.in 2006-07-16 15:32:56.000000000 +0200 -@@ -230,6 +230,9 @@ - /* Define to 1 if you use PAM authentication. 
*/ - #undef HAVE_PAM - -+/* Define to 1 if you use specific PAM session for sodo -i. */ -+#undef HAVE_PAM_LOGIN -+ - /* Define to 1 if you have the header file. */ - #undef HAVE_PAM_PAM_APPL_H - diff --git a/sudo-1.6.8p12-requiretty.patch b/sudo-1.6.8p12-requiretty.patch deleted file mode 100644 index 475e5b6..0000000 --- a/sudo-1.6.8p12-requiretty.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- sudo-1.6.8p12/sudoers.tty 2006-05-29 15:10:30.000000000 +0200 -+++ sudo-1.6.8p12/sudoers 2006-05-29 15:17:03.000000000 +0200 -@@ -13,6 +13,12 @@ - - # Defaults specification - -+# -+# Disable "ssh hostname sudo ", because it will show the password in clear. -+# You have to run "ssh -t hostname sudo ". -+# -+Defaults requiretty -+ - Defaults env_reset - Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \ - LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \ diff --git a/sudo-1.6.8p8-pam-sess.patch b/sudo-1.6.8p8-pam-sess.patch deleted file mode 100644 index e8ce9c1..0000000 --- a/sudo-1.6.8p8-pam-sess.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- sudo-1.6.8p8/auth/pam.c.sess 2005-05-24 16:38:35.976866872 +0200 -+++ sudo-1.6.8p8/auth/pam.c 2005-05-24 16:39:50.061604280 +0200 -@@ -175,6 +175,8 @@ - pam_prep_user(pw) - struct passwd *pw; - { -+ int error; -+ - if (pamh == NULL) - pam_init(pw, NULL, NULL); - -@@ -195,6 +197,20 @@ - */ - (void) pam_setcred(pamh, PAM_ESTABLISH_CRED); - -+ /* -+ * That's enough initialize PAM session in this function, because -+ * sudo calls it before exec() -+ */ -+ if ((error = pam_open_session(pamh, 0))!=PAM_SUCCESS) { -+ pam_end(pamh, error); -+ return(AUTH_FAILURE); -+ } -+ /* -+ * For example settings from pam_limits are persistent after pam_session_close() and -+ * it's probably more clean call pam_close_session() than omit it. -+ */ -+ pam_close_session(pamh, 0); -+ - if (pam_end(pamh, PAM_SUCCESS | PAM_DATA_SILENT) == PAM_SUCCESS) - return(AUTH_SUCCESS); - else 
diff --git a/sudo-1.6.9p4-getgrouplist.patch b/sudo-1.6.9p4-getgrouplist.patch
new file mode 100644
index 0000000..43b5a4e
--- /dev/null
+++ b/sudo-1.6.9p4-getgrouplist.patch
@@ -0,0 +1,61 @@
+--- sudo-1.6.9p4/configure.in.getgrouplist 2007-08-20 11:41:32.000000000 +0200
++++ sudo-1.6.9p4/configure.in 2007-08-20 13:24:30.000000000 +0200
+@@ -1677,7 +1677,7 @@
+ dnl
+ AC_CHECK_FUNCS(strchr strrchr memchr memcpy memset sysconf tzset \
+ strftime setrlimit initgroups getgroups fstat gettimeofday \
+- setlocale getaddrinfo)
++ setlocale getaddrinfo getgrouplist)
+ if test -z "$SKIP_SETRESUID"; then
+ AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
+ fi
+--- sudo-1.6.9p4/configure.getgrouplist 2007-08-15 15:23:44.000000000 +0200
++++ sudo-1.6.9p4/configure 2007-08-20 13:26:25.000000000 +0200
+@@ -14235,7 +14235,7 @@
+
+ for ac_func in strchr strrchr memchr memcpy memset sysconf tzset \
+ strftime setrlimit initgroups getgroups fstat gettimeofday \
+- setlocale getaddrinfo
++ setlocale getaddrinfo getgrouplist
+ do
+ as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ echo "$as_me:$LINENO: checking for $ac_func" >&5
+--- sudo-1.6.9p4/check.c.getgrouplist 2007-07-06 21:52:13.000000000 +0200
++++ sudo-1.6.9p4/check.c 2007-08-20 13:21:10.000000000 +0200
+@@ -308,6 +308,24 @@
+ return(TRUE);
+ }
+
++#ifdef HAVE_GETGROUPLIST
++ {
++ gid_t *grouplist, grouptmp;
++ int n_groups, i;
++ n_groups = 1;
++ if (getgrouplist(user_name, user_gid, &grouptmp, &n_groups) == -1) {
++ grouplist = (gid_t *) emalloc(sizeof(gid_t) * (n_groups + 1));
++ if (getgrouplist(user_name, user_gid, grouplist, &n_groups) > 0)
++ for (i = 0; i < n_groups; i++)
++ if (grouplist[i] == grp->gr_gid) {
++ free(grouplist);
++ return(TRUE);
++ }
++ free(grouplist);
++ }
++ }
++#endif
++
+ return(FALSE);
+ }
+
+--- sudo-1.6.9p4/config.h.in.getgrouplist 2007-08-20 11:41:32.000000000 +0200
++++ sudo-1.6.9p4/config.h.in 2007-08-20 13:21:10.000000000 +0200
+@@ -140,6 +140,9 @@
+ /* Define to 1 if you have the `getgroups' function. */
+ #undef HAVE_GETGROUPS
+
++/* Define to 1 if you have the `getgrouplist' function. */
++#undef HAVE_GETGROUPLIST
++
+ /* Define to 1 if you have the `getifaddrs' function. */
+ #undef HAVE_GETIFADDRS
+
diff --git a/sudo-1.6.9p4-login.patch b/sudo-1.6.9p4-login.patch
new file mode 100644
index 0000000..9ebfd6b
--- /dev/null
+++ b/sudo-1.6.9p4-login.patch
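Review bot: In sudo-1.6.9p4-getgrouplist.patch, the check.c hunk accepts only a return value `> 0` from the second getgrouplist() call, which holds for glibc but not for C libraries that return 0 on success; there the supplementary-group comparison is skipped without any diagnostic and control falls through to `return(FALSE)`. A missed group match is not harmless in sudoers, because a `%group` entry may also appear in a negated or restricting rule, so the portable test is `if (getgrouplist(user_name, user_gid, grouplist, &n_groups) != -1)`. The second call can also fail if membership grows between the two calls, and that path deserves a comment such as `/* group list changed between calls; treated as no match */`. The enclosing function starts above the hunk, so whether the primary gid is compared earlier cannot be confirmed from here.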
@@ -0,0 +1,116 @@
+--- sudo-1.6.9p4/auth/pam.c.login 2007-07-22 14:14:53.000000000 +0200
++++ sudo-1.6.9p4/auth/pam.c 2007-08-20 11:08:33.000000000 +0200
+@@ -89,7 +89,12 @@
+ if (auth != NULL)
+ auth->data = (VOID *) &pam_status;
+ pam_conv.conv = sudo_conv;
+- pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
++#ifdef HAVE_PAM_LOGIN
++ if (ISSET(sudo_mode, MODE_LOGIN_SHELL))
++ pam_status = pam_start("sudo-i", pw->pw_name, &pam_conv, &pamh);
++ else
++#endif
++ pam_status = pam_start("sudo", pw->pw_name, &pam_conv, &pamh);
+ if (pam_status != PAM_SUCCESS) {
+ log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
+ return(AUTH_FATAL);
+--- sudo-1.6.9p4/config.h.in.login 2007-08-15 15:22:19.000000000 +0200
++++ sudo-1.6.9p4/config.h.in 2007-08-20 11:08:34.000000000 +0200
+@@ -266,6 +266,9 @@
+ /* Define to 1 if you use PAM authentication. */
+ #undef HAVE_PAM
+
++/* Define to 1 if you use specific PAM session for sodo -i. */
++#undef HAVE_PAM_LOGIN
++
+ /* Define to 1 if you have the header file. */
+ #undef HAVE_PAM_PAM_APPL_H
+
+--- sudo-1.6.9p4/env.c.login 2007-07-31 20:04:31.000000000 +0200
++++ sudo-1.6.9p4/env.c 2007-08-20 11:24:48.000000000 +0200
+@@ -104,7 +104,7 @@
+ /*
+ * Prototypes
+ */
+-char **rebuild_env __P((char **, int, int));
++char **rebuild_env __P((char **, int));
+ static void insert_env __P((char *, struct environment *, int));
+ static char *format_env __P((char *, ...));
+
+@@ -391,9 +391,8 @@
+ * Also adds sudo-specific variables (SUDO_*).
+ */
+ char **
+-rebuild_env(envp, sudo_mode, noexec)
++rebuild_env(envp, noexec)
+ char **envp;
+- int sudo_mode;
+ int noexec;
+ {
+ char **ep, *cp, *ps1;
+--- sudo-1.6.9p4/configure.in.login 2007-08-15 15:48:51.000000000 +0200
++++ sudo-1.6.9p4/configure.in 2007-08-20 11:08:33.000000000 +0200
+@@ -351,6 +351,17 @@
+ ;;
+ esac])
+
++AC_ARG_WITH(pam-login, [ --with-pam-login enable specific PAM session for sudo -i],
++[case $with_pam_login in
++ yes) AC_DEFINE(HAVE_PAM_LOGIN)
++ AC_MSG_CHECKING(whether to use PAM login)
++ AC_MSG_RESULT(yes)
++ ;;
++ no) ;;
++ *) AC_MSG_ERROR(["--with-pam-login does not take an argument."])
++ ;;
++esac])
++
+ AC_ARG_WITH(AFS, [ --with-AFS enable AFS support],
+ [case $with_AFS in
+ yes) AC_DEFINE(HAVE_AFS)
+--- sudo-1.6.9p4/sudo.h.login 2007-07-06 16:14:34.000000000 +0200
++++ sudo-1.6.9p4/sudo.h 2007-08-20 11:33:45.000000000 +0200
+@@ -268,6 +268,7 @@
+ extern FILE *sudoers_fp;
+ extern int tgetpass_flags;
+ extern uid_t timestamp_uid;
++extern int sudo_mode;
+ #endif
+ #ifndef errno
+ extern int errno;
+--- sudo-1.6.9p4/sudo.c.login 2007-08-15 15:48:56.000000000 +0200
++++ sudo-1.6.9p4/sudo.c 2007-08-20 11:34:07.000000000 +0200
+@@ -122,7 +122,7 @@
+ static struct passwd *get_authpw __P((void));
+ extern int sudo_edit __P((int, char **, char **));
+ extern void list_matches __P((void));
+-extern char **rebuild_env __P((char **, int, int));
++extern char **rebuild_env __P((char **, int));
+ extern void validate_env_vars __P((struct list_member *));
+ extern char **insert_env_vars __P((char **, struct list_member *));
+ extern struct passwd *sudo_getpwnam __P((const char *));
+@@ -153,6 +153,7 @@
+ char *login_style;
+ #endif /* HAVE_BSD_AUTH_H */
+ sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp, saved_sa_chld;
++int sudo_mode;
+
+
+ int
+@@ -164,7 +165,6 @@
+ int validated;
+ int fd;
+ int cmnd_status;
+- int sudo_mode;
+ int pwflag;
+ sigaction_t sa;
+ extern int printmatches;
+@@ -347,7 +347,7 @@
+ def_env_reset = FALSE;
+
+ /* Build a new environment that avoids any nasty bits. */
+- environ = rebuild_env(environ, sudo_mode, ISSET(validated, FLAG_NOEXEC));
++ environ = rebuild_env(envp, ISSET(validated, FLAG_NOEXEC));
+
+ /* Fill in passwd struct based on user we are authenticating as. */
+ auth_pw = get_authpw();
diff --git a/sudo.spec b/sudo.spec
index 93a01be..ab68822 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
-Version: 1.6.8p12
-Release: 14%{?dist}
+Version: 1.6.9p4
+Release: 1%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -16,19 +16,12 @@ BuildRequires: openldap-devel
 BuildRequires: flex
 BuildRequires: bison
-# 154511 - sudo does not use limits.conf
-Patch2: sudo-1.6.8p8-pam-sess.patch
 # don't strip
-Patch3: sudo-1.6.7p5-strip.patch
-# Default sudoers: reset env.
-Patch4: sudo-1.6.8p12-env-reset.patch
-# Default sudoers; require tty (#190062)
-Patch5: sudo-1.6.8p12-requiretty.patch
-# Use specific PAM session for sudo -i (#198755)
-Patch6: sudo-1.6.8p12-pam-login.patch
-# IPv6 support
-Patch7: sudo-1.6.8p12-ipv6.patch
-Patch8: sudo-1.6.8p12-getgrouplist.patch
+Patch1: sudo-1.6.7p5-strip.patch
+# use specific PAM session for sudo -i (#198755)
+Patch2: sudo-1.6.9p4-login.patch
+# the rest, see changelog
+Patch3: sudo-1.6.9p4-getgrouplist.patch
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -43,13 +36,9 @@ on many different machines.
 %prep
 %setup -q
-%patch2 -p1 -b .sess
-%patch3 -p1 -b .strip
-%patch4 -p1 -b .env_reset
-%patch5 -p1 -b .tty
-%patch6 -p1 -b .login
-%patch7 -p1 -b .ipv6
-%patch8 -p1 -b .getgrouplist
+%patch1 -p1 -b .strip
+%patch2 -p1 -b .login
+%patch3 -p1 -b .getgrouplist
 %build
 %ifarch s390 s390x
@@ -75,6 +64,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE -DHAVE_PAM_LOGIN" LDFLAGS="-pie"
 --with-ignore-dot \
 --with-tty-tickets \
 --with-ldap
+# --without-kerb5 \
+# --without-kerb4
 make
 %install
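Review bot: In sudo-1.6.9p4-login.patch, the last sudo.c hunk (`@@ -347,7 +347,7 @@`) changes the first argument of rebuild_env() from `environ` to `envp` as well as dropping `sudo_mode`, which goes beyond the signature change made by the other hunks. If anything earlier in main() has already altered `environ`, the rebuilt environment is derived from the caller's original `envp` instead and that earlier work is bypassed; this cannot be confirmed here because main() starts and ends outside the hunk. Unless the switch is intentional, keep the upstream source of the environment: `environ = rebuild_env(environ, ISSET(validated, FLAG_NOEXEC));`. The config.h.in comment in the same patch also reads `sodo -i` where `sudo -i` is meant.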
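Review bot: In sudo.spec, hunk `@@ -16,19 +16,12 @@` drops Patch2 (pam-sess, 154511), Patch4 (env-reset), Patch5 (requiretty, #190062) and Patch7 (ipv6) without recording why, and the new comment `# the rest, see changelog` points at a changelog entry that says only `- upgrade to upstream release`. Three of these carried security-relevant defaults or behaviour (environment reset, tty requirement, PAM session handling), so a reader cannot tell whether 1.6.9p4 covers them or whether the package lost them. Add one changelog line per dropped patch, e.g. `- drop env-reset patch: <reason>`, and confirm that the shipped sudoers (sources still lists `sudo-1.6.8p12-sudoers`) keeps `Defaults requiretty` and the `env_keep` list if they are still intended.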
@@ -110,7 +101,7 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
-%doc BUGS CHANGES HISTORY LICENSE README RUNSON TODO TROUBLESHOOTING UPGRADE *.pod
+%doc BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING UPGRADE *.pod
 %attr(0440,root,root) %config(noreplace) /etc/sudoers
 %config(noreplace) /etc/pam.d/sudo
 %config(noreplace) /etc/pam.d/sudo-i
@@ -129,6 +120,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 %changelog
+* Mon Aug 20 2007 Peter Vrabec 1.6.9p4-1
+- upgrade to upstream release
+
 * Thu Apr 12 2007 Peter Vrabec 1.6.8p12-14
 - also use getgrouplist() to determine group membership (#235915)