specs/s/sudo/sudo-vl.spec

Summary: Allows command execution as root for specified users
Summary(ja): スーパーユーザ権限でのコマンドの実行
Name: sudo
Version: 1.9.12
Release: 1%{?_dist_release}
Group: system
Vendor: Project Vine
Distribution: Vine Linux

License: ISC-style
URL: https://www.sudo.ws/sudo/
Source0: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz
Source1: sudo-sudoers-vine

# don't strip
Patch1: sudo-1.9.7-strip.patch

Patch1000:CVE-2022-43995.patch

Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: pam-devel
BuildRequires: groff
BuildRequires: flex
BuildRequires: bison
BuildRequires: openldap-devel
BuildRequires: automake autoconf libtool
BuildRequires: libcap-devel
BuildRequires: zlib-devel

%description
Sudo (superuser do) allows a system administrator to give certain users 
(or groups of users) the ability to run some (or all) commands as root while 
logging all commands and arguments. Sudo operates on a per-command basis, 
it is not a replacement for the shell. 

%description -l ja
sudo は、特定のユーザや特定のグループに所属するユーザが、スーパーユーザ権限で
いくつかのコマンド操作を行うことを許可するためのプログラムです。


%package        devel
Summary:        Development files for %{name}
Group:          programming
Requires:       %{name} = %{version}-%{release}

%description    devel
The %{name}-devel package contains header files developing sudo
plugins that use %{name}.


%package        logsrvd
Summary:        High-performance log server for %{name}
Group:          system,servers
Requires:       %{name} = %{version}-%{release}
BuildRequires:  openssl-devel

%description    logsrvd
%{name}-logsrvd is a high-performance log server that accepts event and
I/O logs from sudo.
It can be used to implement centralized logging of sudo logs.


%debug_package


%prep
%setup -q
%autopatch -p1

rm -rf zlib/


%build
autoreconf -I m4 -fv --install

F_PIE=-fpie
export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"

%configure \
  --prefix=%{_prefix} \
  --sbindir=%{_sbindir} \
  --libdir=%{_libdir} \
  --sysconfdir=%{_sysconfdir} \
  --docdir=%{_datadir}/doc/%{name}-%{version} \
  --with-iologdir=/var/log/sudo-io \
  --with-pam \
  --with-pam-login \
  --with-logging=syslog \
  --with-logfac=authpriv \
  --with-tty-tickets \
  --with-ignore-dot \
  --with-editor=/bin/vi \
  --with-env-editor \
  --with-ldap \
  --with-passprompt="[sudo] password for %p: " \
  --with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin" \
  --without-interfaces \
  --without-selinux
make %{?_smp_mflags}


%install
rm -rf %{buildroot}
mkdir %{buildroot}
%make_install \
	install_uid=`id -u` install_gid=`id -g` \
	sudoers_uid=`id -u` sudoers_gid=`id -g`

chmod 755 %{buildroot}%{_bindir}/* %{buildroot}%{_sbindir}/* 
install -p -d -m 700 %{buildroot}/var/run/sudo
install -p -d -m 700 %{buildroot}/var/db/sudo/lectured
install -p -d -m 700 %{buildroot}/var/log/sudo-io
install -p -d -m 750 %{buildroot}/etc/sudoers.d
install -p -c -m 0440 %{SOURCE1} %{buildroot}/etc/sudoers

chmod +x %{buildroot}%{_libexecdir}/sudo/*.so # for stripping, reset in %%files

mv -f %{buildroot}%{_docdir}/sudo-%{version} docdir
mv -f %{buildroot}%{_sysconfdir}/sudoers.dist docdir/
rm -f docdir/LICENSE*

#Remove all .la files
find %{buildroot} -name '*.la' -exec rm -f {} ';'

%find_lang sudo
%find_lang sudoers

cat sudo.lang sudoers.lang > sudo_all.lang
rm sudo.lang sudoers.lang

mkdir -p %{buildroot}/etc/pam.d
cat > %{buildroot}/etc/pam.d/sudo << EOF
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    include      system-auth
EOF

cat > %{buildroot}/etc/pam.d/sudo-i << EOF
#%PAM-1.0
auth       include      sudo
account    include      sudo
password   include      sudo
session    optional     pam_keyinit.so force revoke
session    include      sudo
EOF


%clean 
rm -rf %{buildroot}


%post
/bin/chmod 0440 /etc/sudoers || :


%files -f sudo_all.lang
%defattr(-,root,root)
%license LICENSE.md
%doc docdir/*
%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
%attr(0440,root,root) %config(noreplace) /etc/sudoers
%attr(0750,root,root) %dir /etc/sudoers.d/
%config(noreplace) /etc/pam.d/sudo
%config(noreplace) /etc/pam.d/sudo-i
%dir /var/run/sudo
%dir /var/db/sudo
%dir /var/db/sudo/lectured
%attr(0750,root,root) %dir /var/log/sudo-io
%{_bindir}/cvtsudoers
%attr(4111,root,root) %{_bindir}/sudo
%{_bindir}/sudoedit
%attr(0111,root,root) %{_bindir}/sudoreplay
%attr(0755,root,root) %{_sbindir}/visudo
%dir %{_libexecdir}/sudo
%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_intercept.so
%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
#%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
%{_libexecdir}/sudo/libsudo_util.so.?
%{_libexecdir}/sudo/libsudo_util.so
%{_mandir}/man1/cvtsudoers.1*
%{_mandir}/man5/sudoers*.5*
%{_mandir}/man5/sudo.conf.5*
%{_mandir}/man8/sudo.8*
%{_mandir}/man8/sudoedit.8*
%{_mandir}/man8/sudoreplay.8*
%{_mandir}/man8/visudo.8*

%files devel
%doc plugins/sample/sample_plugin.c
%{_includedir}/sudo_plugin.h
%{_mandir}/man5/sudo_plugin.5*

%files logsrvd
%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
%attr(0755,root,root) %{_sbindir}/sudo_sendlog
%{_mandir}/man5/sudo_logsrv.proto.5.gz
%{_mandir}/man5/sudo_logsrvd.conf.5.gz
%{_mandir}/man8/sudo_logsrvd.8.gz
%{_mandir}/man8/sudo_sendlog.8.gz


%changelog
* Thu Nov 03 2022 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.12-1
- updated to 1.9.12.
- added sudo-devel.

* Sat Oct 09 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.8p2-1
- updated to 1.9.8p2.
- built with openssl-3.0.0.

* Tue Jun 08 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.7-1
- updated to 1.9.7.
- updated Patch1.

* Sat Jan 30 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.5p2-1
- updated to 1.9.5p2.

* Fri Jan 15 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.9.5p1-1
- updated to 1.9.5p1.

* Tue Feb 11 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.31-1
- updated to 1.8.31.

* Wed Jan 08 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.30-1
- updated to 1.8.30.

* Tue Oct 15 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.28-1
- updated to 1.8.28.
- dropped Patch2.

* Sat Jul 23 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.17p1-1
- updated to 1.8.17p1.
- added Patch2.
- dropped Patch4.

* Mon Feb  3 2014 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.8.6p8-1
- update to 1.8.6p8 

* Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-3
- fix permission of sudoreplay

* Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-2
- add /var/log/sudo-io
- add some comments to default sudoers

* Mon Mar 04 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.8.6p7-1
- update to 1.8.6p7
- drop unneeded patches.

* Sat May 19 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-5
- add patch120 for fix CVE-2012-2337 (netmask match)

* Fri Jun 03 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2p7-4
- update sudoers
  - enable "%wheel ALL=(ALL) ALL" by default.

* Thu Feb 10 2011 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-3
- add patch110,111 for fix CVE-2011-0010 ("-g" option)

* Wed Sep  8 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-2
- add Patch100 for fix CVE-2010-2956 (sudo Runas)
- add _smp_mflags flag into make section
- fix doc filelist (no longer exist BUGS, CHANGSE)

* Sun Jun 20 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p7-1
- new upstream release with security fix (CVE-2010-1646) 
- change specfile name (-vl)

* Sun Apr 25 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p6-1
- new upstream release with security fix (CVE-2010-1163)
- add sudoers.ldap.5 into files section

* Wed Feb 24 2010 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.7.2p4-1
- new upstream release with security fix (CVE-2010-0426)
- update Patch3

* Wed Jul 15 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.2-1
- new upstream release

* Wed Jun 17 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.7.1-1
- new upstream release
- update patches
- disable "Defaults requiretty"

* Fri Feb 13 2009 NAKAMURA Kenta <kenta@vinelinux.org> 1.6.9p20-2
- rebuilt with openldap-2.4.11

* Thu Feb 12 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.9p20-1
- new upstream release with security fix (CVE 2009-0034)

* Sat Aug 16 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.9p17-1
- new upstream release
- merge some changes from fedoraproject
  - include [sudo] in password prompt
  - compiled with secure path
  - also use getgrouplist() to determine group membership
  - add sudoers file
    - add command aliases, default environment config
- build with openldap

* Fri Aug 15 2008 Shu KONNO <owa@bg.wakwak.com> 1.6.8p12-1vl5
- applied new versioning policy, spec in utf-8

* Fri May 19 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p12-0vl2
- change PAM configuration to use system-auth
- add --with-ignore-dot, --with-editor and --with-env-editor to
  configure option.

* Mon Jan 23 2006 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.6.8p12-0vl1
- new upstream release (included security fix)
- add patch1 for fix CVE-2006-0151

* Mon May 09 2005 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.8p8-0vl1
- new upstream release
- use macros
- build with pam

* Wed Jan 19 2005 IWAI, Masaharu <iwai@alib.jp> 1.6.8p6-0vl1
- new upstream release

* Sun Oct 10 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8p1-0vl1
- SECURITY FIX: new upstream release
- update rpmnonroot.patch ( Patch0 )
- add new man page: sudoedit(8)

* Wed Sep  1 2004 IWAI, Masaharu <iwai@alib.jp> 1.6.8-0vl1
- new upstream release
- update rpmnonroot.patch ( Patch0 )
- change Copyrigh tag to License tag
- update License
- update URL and Source0: official web site moved.
- new files: %%{_bindir}/sudoedit and %%{_libexecdir}/sudo_noexec.*

* Mon Apr 14 2003 IWAI Masaharu <iwai@alib.jp> 1.6.7p3-0vl1
- upstream release

* Wed May 08 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl3
- fixed changelog
        -- don't expand macros in changelog ;P
		
* Wed May 01 2002 Satoshi MACHINO <machino@vinelinux.org> 1.6.6-0vl2
- changed to use configure in build section
        (can't build on sparc)

* Fri Apr 26 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.6.6-0vl1
- upstream release
- fix security hole : buffer over flow

* Thu Jan 24 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p2-0vl1
- upstream release
- updated sudo.rpmnonroot.diff

* Fri Jan 18 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.5p1-0vl1
- upstream release
- added configure script option '--disable-root-mailer'

* Tue Jan 15 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4p1-0vl1
- upstream release
- eliminated FAQ from %doc

* Mon Jan 14 2002 IWAI Masaharu <iwaim@cc.mbn.or.jp> 1.6.4-0vl1
- upstream release
- added noreplace flag (%{_sysconfdir}/sudoers file is not replaced)
- updated sudo.rpmnonroot.diff

* Wed May 09 2001 <sagami@vinelinux.org>
- 1.6.3p7-0vl2: follow up 1.6.2p6-0.6vl1

* Fri Mar 02 2001 sagami@vinelinux.org
- 1.6.3p7-0vl1
- use better macros

* Thu Mar 1 2001 Kunio Murasawa <murasawa@marineroad.com>
- 1.6.3p6-0vl1
- changed sudo.rpmnonroot.diff for 1.6.3p6

* Tue Sep 19 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
- 1.6.1-2vl5
- patch -p1 -> patch -p0

* Mon Sep 18 2000 MATSUMOTO Shoji <shom@vinelinux.org>
- 1.6.1-2vl4
- fix uid/gid to root.root
- add sudo.rpmnonroot.diff to built by non-root users

* Tue Sep 12 2000 Jun Nishii <jun@vinelinux.org>
- 1.6.1-2vl3
- fix attr

* Sun Sep 10 2000 Jun Nishii <jun@vinelinux.org>
- 1.6.1-2vl2
- enable to build by non-root useres

* Fri Sep 08 2000 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
- 1.6.1-2vl1
- modified %files section to handle compressed man page(s)

* Fri Jan  7 2000 Jun Nishii <jun@vinelinux.org>
- change group

* Thu Dec 30 1999 Jun Nishii <jun@vinelinux.org>
- version 1.6.1
- build for Vine Linux 2.0

* Fri May 14  1999 Takeda Eiji <keda@flatout.org>
- sudo reads $BuildRoot%{_sysconfdir}/sudoers. Make change to read /etc/sudoers.

* Wed Apr 21 1999 Hiroto Watanabe <watanabe@cij.co.jp>
- Initial Release