From: TizenOpenSource Date: Mon, 22 Jan 2024 06:37:19 +0000 (+0900) Subject: Bump to 1.9.15p5 X-Git-Tag: accepted/tizen/unified/20240131.064040^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;p=platform%2Fupstream%2Fsudo.git Bump to 1.9.15p5 Signed-off-by: TizenOpenSource --- diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 3400588..0000000 --- a/.gitignore +++ /dev/null @@ -1,100 +0,0 @@ -**/*~ -**/*.i -**/*.l[ao] -**/*.lai -**/*.map -**/*.o -**/*.plog - -**/*.diff -**/*.orig -**/*.patch -**/*.rej - -**/.libs -**/Makefile - -autom4te.cache -build -config.h -config.log -config.status -libtool -pathnames.h -ChangeLog -PVS-Studio.cfg -stamp-* -uncrustify.files - -docs/*.man -docs/*.mdoc -docs/fixman.sed - -examples/sudo.conf -examples/sudo_logsrvd.conf -examples/sudoers -examples/syslog.conf - -etc/init.d/sudo.conf - -init.d/*.sh -init.d/sudo.conf - -src/sudo -src/sesh -src/check_net_ifs -src/check_noexec -src/check_ttyname -src/intercept.exp -src/sudo_usage.h - -lib/eventlog/check_wrap -lib/eventlog/regress/logwrap/check_wrap.out - -lib/iolog/check_iolog_[a-z]* -lib/iolog/fuzz_iolog_[a-z]* -lib/iolog/host_port_test - -lib/util/getgids -lib/util/mksiglist -lib/util/mksiglist.h -lib/util/mksigname -lib/util/mksigname.h -lib/util/siglist.c -lib/util/signame.c -lib/util/util.exp -lib/util/[a-z]*_test -lib/util/fuzz_[a-z]* -lib/util/regress/**/*.out -lib/util/regress/**/*.err -lib/util/regress/harness - -logsrvd/sudo_logsrvd -logsrvd/sudo_sendlog -logsrvd/fuzz_[a-z]* -logsrvd/logsrvd_conf_test - -plugins/sudoers/cvtsudoers -plugins/sudoers/sudoers -plugins/sudoers/sudoreplay -plugins/sudoers/testsudoers -plugins/sudoers/tsdump -plugins/sudoers/tsgetusershell.c -plugins/sudoers/visudo -plugins/sudoers/prologue -plugins/sudoers/check_[a-z]* -plugins/sudoers/fuzz_[a-z]* -plugins/sudoers/regress/**/*.out -plugins/sudoers/regress/**/*.toke -plugins/sudoers/regress/**/*.err -plugins/sudoers/regress/**/*.json -plugins/sudoers/regress/**/*.ldif -plugins/sudoers/regress/**/*.sudo -plugins/sudoers/regress/**/*.ldif2sudo -plugins/sudoers/regress/harness -plugins/sudoers/regress/iolog_plugin/iolog -plugins/sudoers/regress/testsudoers/test3.d/root - -plugins/python/__pycache__ -plugins/python/regress/__pycache__ -plugins/python/check_python_examples diff --git a/packaging/add_audit_arch_aarch64.patch b/packaging/add_audit_arch_aarch64.patch new file mode 100644 index 0000000..0d7a1d2 --- /dev/null +++ b/packaging/add_audit_arch_aarch64.patch @@ -0,0 +1,15 @@ +diff --git a/src/exec_ptrace.h b/src/exec_ptrace.h +index 680194d..8c5d604 100644 +--- a/src/exec_ptrace.h ++++ b/src/exec_ptrace.h +@@ -46,6 +46,10 @@ + # endif + #endif + ++#ifndef AUDIT_ARCH_AARCH64 ++#define AUDIT_ARCH_AARCH64 (EM_AARCH64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif ++ + /* Align address to a (compat) word boundary. */ + #define WORDALIGN(_a, _r) \ + (((_a) + ((long)(_r).wordsize - 1L)) & ~((long)(_r).wordsize - 1L)) diff --git a/packaging/sudo.manifest b/packaging/sudo.manifest new file mode 100644 index 0000000..017d22d --- /dev/null +++ b/packaging/sudo.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/sudo.pamd b/packaging/sudo.pamd new file mode 100644 index 0000000..4d78b1e --- /dev/null +++ b/packaging/sudo.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +# session optional pam_xauth.so diff --git a/packaging/sudo.spec b/packaging/sudo.spec new file mode 100644 index 0000000..afaa24d --- /dev/null +++ b/packaging/sudo.spec @@ -0,0 +1,158 @@ +%if ! %{defined _distconfdir} +%define _distconfdir %{_sysconfdir} +%else +%define use_usretc 1 +%endif + +Name: sudo +Version: 1.9.15p5 +Release: 0 +Summary: Execute some commands as root +License: ISC +Group: System/Utilities +Url: http://www.sudo.ws/ +Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz +Source1: sudo.pamd +Source1001: sudo.manifest +Source1002: add_audit_arch_aarch64.patch +BuildRequires: groff +BuildRequires: pam-devel +Requires(pre): coreutils + +%description +Sudo is a command that allows users to execute some commands as root. +The /etc/sudoers file (edited with 'visudo') specifies which users have +access to sudo and which commands they can run. Sudo logs all its +activities to syslogd, so the system administrator can keep an eye on +things. Sudo asks for the password for initializing a check period of a +given time N (where N is defined at installation and is set to 5 +minutes by default). + +%package devel +Summary: Header files needed for sudo plugin development +Group: System/Utilities + +%description devel +These header files are needed for building of sudo plugins. + +%package rpm +Summary: Script making possible to run RPM as root from inside build +Group: System/Utilities +Requires: sudo + +%description rpm +The package will add ALL ALL = (root) NOPASSWD: /usr/bin/rpm to sudoers and +makes possible to install packages from inside build. + +%prep +%setup -q +cp %{SOURCE1001} . +%{__patch} -p1 < %{SOURCE1002} + +%build +F_PIE=-fpie +export CFLAGS="%{optflags} -Wall $F_PIE" +%{?asan:LDFLAGS+=" -ldl"} +%configure \ +--libexecdir=%{_libexecdir}/sudo \ +--docdir=%{_docdir}/%{name} \ +--with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \ +--with-pam \ +--with-logfac=auth \ +--without-insults \ +--with-ignore-dot \ +--with-tty-tickets \ +--enable-shell-sets-home \ +--enable-warnings \ +--with-sudoers-mode=0440 \ +--with-env-editor \ +--without-secure-path \ +--with-passprompt='%%p\x27s password:' \ +--with-rundir=%{_localstatedir}/lib/sudo \ +--enable-pie +%__make %{?_smp_mflags} + +%install +#%%make_install +%{__make} \ +DESTDIR=%{?buildroot:%{buildroot}} \ +INSTALL_ROOT=%{?buildroot:%{buildroot}} \ +install install_uid=`id -u` install_gid=`id -g` + +rm -f %{?buildroot:%{buildroot}}%{_infodir}/dir +find %{?buildroot:%{buildroot}} -regex ".*\\.la$" | xargs rm -f -- +%{!?keepstatic:find %{?buildroot:%{buildroot}} -regex ".*\\.a$" | xargs rm -f --} + +install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo +rm -f %{buildroot}%{_bindir}/sudoedit +ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit +rm -f %{buildroot}%{_docdir}/%{name}/sample.pam +rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf +rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP +rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la +rm -f %{buildroot}%{_sysconfdir}/sudoers.dist +%find_lang %{name} +%find_lang sudoers +cat sudoers.lang >> %{name}.lang + +%post +chmod 0440 %{_sysconfdir}/sudoers + +%post rpm +echo 'ALL ALL = (root) NOPASSWD: /usr/bin/rpm' >> %{_sysconfdir}/sudoers + +%lang_package + +%files +%manifest %{name}.manifest +%defattr(-,root,root) +%license LICENSE.md +%doc %{_docdir}/%{name} +%{_mandir}/man1/cvtsudoers.1%{?ext_man} +%{_mandir}/man5/sudoers.5%{?ext_man} +%{_mandir}/man5/sudo.conf.5%{?ext_man} +%{_mandir}/man5/sudoers_timestamp.5%{?ext_man} +%{_mandir}/man8/sudo.8%{?ext_man} +%{_mandir}/man8/sudoedit.8%{?ext_man} +%{_mandir}/man8/sudoreplay.8%{?ext_man} +%{_mandir}/man8/visudo.8%{?ext_man} +%{_mandir}/man5/sudo_logsrv.proto.5%{?ext_man} +%{_mandir}/man5/sudo_logsrvd.conf.5%{?ext_man} +%{_mandir}/man8/sudo_logsrvd.8%{?ext_man} +%{_mandir}/man8/sudo_sendlog.8%{?ext_man} + +%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers +%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf +%config(noreplace) %{_sysconfdir}/pam.d/sudo +%attr(4755,root,root) %{_bindir}/sudo + +%{_bindir}/sudoedit +%{_bindir}/sudoreplay +%{_bindir}/cvtsudoers +%{_sbindir}/visudo +%{_sbindir}/sudo_logsrvd +%{_sbindir}/sudo_sendlog +%dir %{_libexecdir}/%{name} +%{_libexecdir}/%{name}/sudo_noexec.so +%dir %{_libexecdir}/%{name}/%{name} +%{_libexecdir}/%{name}/%{name}/sudoers.so +%{_libexecdir}/%{name}/%{name}/group_file.so +%{_libexecdir}/%{name}/%{name}/system_group.so +%{_libexecdir}/%{name}/%{name}/audit_json.so +%{_libexecdir}/%{name}/%{name}/sudo_intercept.so +%{_libexecdir}/%{name}/libsudo_util.so.* +%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name} +%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts + + +%files devel +%doc plugins/sample/sample_plugin.c +%{_includedir}/sudo_plugin.h +%{_mandir}/man5/sudo_plugin.5%{?ext_man} +%{_libexecdir}/%{name}/libsudo_util.so* + + +%files rpm