diff --git a/sudo-1.9.12p1.tar.gz b/sudo-1.9.12p2.tar.gz similarity index 40% rename from sudo-1.9.12p1.tar.gz rename to sudo-1.9.12p2.tar.gz index a3488fddac4bfa7f6952951016a39fc12619dff9..860d2aff75fcc6106e20bf757e8f60d7678a1a2d 100644 Binary files a/sudo-1.9.12p1.tar.gz and b/sudo-1.9.12p2.tar.gz differ diff --git a/sudo.spec b/sudo.spec index 64e313a45ec501e8ded2df291c3df2768664b8f0..4c76c5d66579ea9f602a29a0af230275f1963b60 100644 --- a/sudo.spec +++ b/sudo.spec @@ -1,11 +1,11 @@ %define anolis_release 1 Summary: Allows restricted root access for specified users Name: sudo -Version: 1.9.12p1 +Version: 1.9.12p2 Release: %{anolis_release}%{?dist} License: ISC URL: https://www.sudo.ws -Source0: %{url}/dist/%{name}-%{version}.tar.gz +Source0: https://www.sudo.ws/dist/%{name}-%{version}.tar.gz Source1: sudoers Requires: pam @@ -16,7 +16,8 @@ BuildRequires: openldap-devel BuildRequires: flex BuildRequires: bison BuildRequires: libtool -BuildRequires: audit-libs-devel libcap-devel +BuildRequires: audit-libs-devel +BuildRequires: libcap-devel BuildRequires: libselinux-devel BuildRequires: sendmail BuildRequires: gettext @@ -45,7 +46,7 @@ plugins that use %{name}. %package logsrvd Summary: High-performance log server for %{name} Requires: %{name} = %{version}-%{release} -BuildRequires: openssl-devel +BuildRequires: pkgconfig(openssl) >= 1.0.1 %description logsrvd @@ -97,27 +98,26 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --with-sssd # --without-kerb5 \ # --without-kerb4 -make +%make_build %check -make check +%make_build check %generate_compatibility_deps %install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` +%make_install install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g` chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/* install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured -install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d -install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers +install -p -d -m 750 $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.d +install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sudoers #add sudo to protected packages -install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/ +install -p -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ touch sudo.conf echo sudo > sudo.conf -install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/ +install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ rm -f sudo.conf chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files @@ -128,9 +128,6 @@ rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE # Remove examples; Examples can be found in man pages too. rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo -#Remove all .la files -find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' - # Remove sudoers.dist rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist @@ -140,8 +137,8 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist cat sudo.lang sudoers.lang > sudo_all.lang rm sudo.lang sudoers.lang -mkdir -p $RPM_BUILD_ROOT/etc/pam.d -cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d +cat > $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo << EOF #%%PAM-1.0 auth include system-auth account include system-auth @@ -151,7 +148,7 @@ session required pam_limits.so session include system-auth EOF -cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF +cat > $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo-i << EOF #%%PAM-1.0 auth include sudo account include sudo @@ -161,14 +158,13 @@ session include sudo EOF %files -f sudo_all.lang -%defattr(-,root,root) -%attr(0440,root,root) %config(noreplace) /etc/sudoers -%attr(0750,root,root) %dir /etc/sudoers.d/ -%config(noreplace) /etc/pam.d/sudo -%config(noreplace) /etc/pam.d/sudo-i +%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers +%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/ +%config(noreplace) %{_sysconfdir}/pam.d/sudo +%config(noreplace) %{_sysconfdir}/pam.d/sudo-i %attr(0644,root,root) %{_tmpfilesdir}/sudo.conf -%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf -%attr(0640,root,root) %config(noreplace) /etc/sudo.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/dnf/protected.d/sudo.conf +%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf %dir /var/db/sudo %dir /var/db/sudo/lectured %attr(4111,root,root) %{_bindir}/sudo @@ -193,11 +189,10 @@ EOF %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/sudoreplay.8* %{_mandir}/man8/visudo.8* -%{_mandir}/man1/cvtsudoers.1.zst -%{_mandir}/man5/sudoers_timestamp.5.zst +%{_mandir}/man1/cvtsudoers.1* +%{_mandir}/man5/sudoers_timestamp.5* %dir %{_pkgdocdir}/ %{_pkgdocdir}/* -%{!?_licensedir:%global license %%doc} %license LICENSE.md %exclude %{_pkgdocdir}/ChangeLog %{abidir}/sudo_noexec.dump @@ -210,23 +205,26 @@ EOF %files devel %doc plugins/sample/sample_plugin.c %{_includedir}/sudo_plugin.h -%{_mandir}/man5/sudo_plugin.5.zst +%{_mandir}/man5/sudo_plugin.5* %files logsrvd -%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf +%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf %attr(0755,root,root) %{_sbindir}/sudo_logsrvd %attr(0755,root,root) %{_sbindir}/sudo_sendlog -%{_mandir}/man5/sudo_logsrv.proto.5.zst -%{_mandir}/man5/sudo_logsrvd.conf.5.zst -%{_mandir}/man8/sudo_logsrvd.8.zst -%{_mandir}/man8/sudo_sendlog.8.zst +%{_mandir}/man5/sudo_logsrv.proto.5* +%{_mandir}/man5/sudo_logsrvd.conf.5* +%{_mandir}/man8/sudo_logsrvd.8* +%{_mandir}/man8/sudo_sendlog.8* %files python-plugin -%{_mandir}/man5/sudo_plugin_python.5.zst +%{_mandir}/man5/sudo_plugin_python.5* %attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so %{abidir}/python_plugin.dump %changelog +* Thu Jan 26 2023 Funda Wang - 1.9.12p2-1 +- New version 1.9.12p2 + * Wed Nov 23 2022 Kun(llfl) - 1.9.12p1-1 - upgrade version to 1.9.12p1 (stable verson in which CVE-2022-43995 fixed). - spec optimization.