# use fakeroot -ba sudo.spec to build!
%define pre 0
%define subrel 1
%define build_71 0
%if %build_71
%define _sysconfdir /etc
%endif
Summary: Allows command execution as root for specified users
Name: sudo
Version: 1.6.9p5
Release: %mkrel 1
Epoch: 1
License: GPL
Group: System/Base
URL: http://www.sudo.ws/sudo
%if %pre
Source: http://www.sudo.ws/sudo/dist/%name-%version%pre.tar.gz
Source1: http://www.sudo.ws/sudo/dist/%name-%version%pre.tar.gz.sig
%else
Source: http://www.sudo.ws/sudo/dist/%name-%version.tar.gz
Source1: http://www.sudo.ws/sudo/dist/%name-%version.tar.gz.sig
Source2: sudo.pamd
%endif
Patch1: sudo-1.6.8_p9-nss_ldap.patch
Patch2: sudo-CVE-2009-0034.patch
BuildRequires: pam-devel
BuildRequires: openldap-devel
BuildRoot: %_tmppath/%name-%version
%description
Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is
to give as few privileges as possible but still allow people to get
their work done.
%prep
%if %pre
%setup -q -n %name-%version%pre
%else
%setup -q -n %name-%version
%endif
%patch1 -p1 -b .nss_ldap
%patch2 -p1 -b .CVE-2009-0034
%build
%serverbuild
%configure --with-logging=both \
--with-logpath=/var/log/sudo.log \
--with-editor=/bin/vi \
--enable-log-host \
--disable-log-wrap \
--with-pam \
--with-env-editor \
--with-noexec=no \
--with-ldap \
--with-secure-path="/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin" \
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
%make
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/usr
%if %build_71
make prefix=%{buildroot}/usr sysconfdir=%{buildroot}/etc \
install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) \
install
make prefix=%{buildroot}/usr sysconfdir=%{buildroot}/etc \
install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g) \
install-sudoers
%else
%makeinstall \
install_uid=$UID install_gid=$(id -g) sudoers=uid=$UID sudoers_gid=$(id -g)
%endif
mkdir -p %{buildroot}/var/run/sudo
chmod 700 %{buildroot}/var/run/sudo
install -D -m644 %{SOURCE2} %{buildroot}/etc/pam.d/sudo
# Installing logrotated file
mkdir -p %{buildroot}/etc/logrotate.d
cat <<END >%{buildroot}/etc/logrotate.d/sudo
/var/log/sudo.log {
missingok
monthly
compress
}
END
chmod 755 %{buildroot}/usr/bin/sudo
chmod 755 %{buildroot}/usr/sbin/visudo
install -m 755 sudoers2ldif %{buildroot}%{_bindir}
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc BUGS CHANGES HISTORY INSTALL PORTING README README.LDAP
%doc TROUBLESHOOTING UPGRADE sample.sudoers
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%config(noreplace) %{_sysconfdir}/logrotate.d/sudo
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%{_bindir}/sudoers2ldif
%attr(4111,root,root) %{_bindir}/sudo
%attr(4111,root,root) %{_bindir}/sudoedit
%attr(0111,root,root) %{_sbindir}/visudo
%{_mandir}/*/*
/var/run/sudo
%changelog
* Tue Feb 03 2009 Eugeni Dodonov <eugeni@mandriva.com> 1.6.9p5-1.1mdv2008.0
- P2: Security fix CVE-2009-0034
* Thu Sep 13 2007 Marcelo Ricardo Leitner <mrl@mandriva.com> 1.6.9p5-1mdv2008.0
+ Revision: 85183
- Upstream's TODO file doesn't exist anymore.
+ Tomasz Pawel Gajc <tpg@mandriva.org>
- new version
* Sat Aug 18 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p4-1mdv2008.0
+ Revision: 65404
- new version
- correct url
* Fri Aug 03 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p3-1mdv2008.0
+ Revision: 58394
- new version
* Thu Aug 02 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p2-1mdv2008.0
+ Revision: 57903
- new version
- remove /usr/X11R6/bin from the secure path
* Fri Jul 27 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9p1-2mdv2008.0
+ Revision: 56323
- new version (bugfixes)
* Mon Jul 23 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.9-2mdv2008.0
+ Revision: 54662
- %%{optflags} doesn't include the security flags set by %%serverbuild
* Sun Jul 22 2007 Tomasz Pawel Gajc <tpg@mandriva.org> 1:1.6.9-1mdv2008.0
+ Revision: 54403
- remove patch 0
- new version
* Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.8p12-8mdv2008.0
+ Revision: 45062
- using new serverbuild macro (-fstack-protector)
* Fri Jun 22 2007 Andreas Hasenack <andreas@mandriva.com> 1:1.6.8p12-7mdv2008.0
+ Revision: 43263
- use -fstack-protector
* Tue Feb 27 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.8p12-6mdv2007.0
+ Revision: 126251
- no ugly and unjustified file requires on /etc/pam.d/system-auth
- spec cleanup
- use patch from gentoo to fix nss issue (fix #23421)
* Fri Feb 23 2007 Thierry Vignaud <tvignaud@mandriva.com> 1:1.6.8p12-5mdv2007.1
+ Revision: 125075
- Import sudo
* Fri Feb 23 2007 Thierry Vignaud <tvignaud@mandrakesoft.com> 1.6.8p12-5mdv2007.1
- update patch 0: whitelist GP_LANG & GP_LANGUAGE (#25419)
* Fri Sep 01 2006 Warly <warly@mandriva.com> 1:1.6.8p12-4mdv2007.0
- make sudo use a whitelist rather than blacklist
* Tue May 02 2006 Stefan van der Eijk <stefan@eijk.nu> 1:1.6.8p12-3mdk
- rebuild for sparc
* Tue Jan 31 2006 Olivier Blin <oblin@mandriva.com> 1.6.8p12-2mdk
- use "include" directive instead of deprecated pam_stack module
(and remove hardcoded library path)
- move pam.d config in Source2
* Thu Dec 22 2005 Oden Eriksson <oeriksson@mandriva.com> 1.6.8p12-1mdk
- 1.6.8p12
- merged bits from the sudo-1.6.8p8-CVE-2005-2959_4158.patch
* Thu Oct 06 2005 Pascal Terjan <pterjan@mandriva.org> 1.6.8p9-1mdk
- 1.6.8p9
* Wed Aug 31 2005 Oden Eriksson <oeriksson@mandriva.com> 1.6.8p8-2mdk
- rebuilt against new openldap-2.3.6 libs
* Mon Jun 06 2005 Pascal TErjan <pterjan@mandriva.org> 1:1.6.8p8-1mdk
- 1.6.8p8
- summary-ended-with-dot
* Fri Feb 04 2005 Buchan Milne <bgmilne@linux-mandrake.com> 1.6.8p1-2mdk
- rebuild for ldap2.2_7
* Wed Sep 22 2004 Olivier Blin <blino@mandrake.org> 1.6.8p1-1mdk
- 1.6.8p1
* Sun Aug 29 2004 Olivier Blin <blino@mandrake.org> 1.6.8-2mdk
- ldap support
- add README.ldap and sudoers2ldif in package
* Sat Aug 28 2004 Olivier Blin <blino@mandrake.org> 1.6.8-1mdk
- 1.6.8
- spec file fixes for stable versions
- do not build sudo_noexec
- ship sudoedit
* Tue Aug 03 2004 Olivier Blin <blino@mandrake.org> 1.6.7-0.p5.3mdk
- define a sane secure path (fix bug 448)
