-
Notifications
You must be signed in to change notification settings - Fork 614
Expand file tree
/
Copy pathsudo.spec
More file actions
221 lines (174 loc) · 7.19 KB
/
sudo.spec
File metadata and controls
221 lines (174 loc) · 7.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
Summary: Sudo
Name: sudo
Version: 1.9.17
Release: 2%{?dist}
License: ISC
URL: https://www.sudo.ws/
Group: System Environment/Security
Vendor: Microsoft Corporation
Distribution: Mariner
Source0: https://www.sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
Patch0: CVE-2025-32462.patch
Patch1: CVE-2025-32463.patch
Patch2: CVE-2026-35535.patch
BuildRequires: audit-devel
BuildRequires: man-db
BuildRequires: openssl-devel
BuildRequires: openssl-libs
BuildRequires: pam-devel
BuildRequires: sed
BuildRequires: zlib-devel
BuildRequires: openldap-devel
Requires: audit-libs
Requires: openssl-libs
Requires: pam
Requires: shadow-utils
Requires: zlib
%description
The Sudo package allows a system administrator to give certain users (or groups of users)
the ability to run some (or all) commands as root or another user while logging the commands and arguments.
%prep
%autosetup -p1
%build
./configure \
--prefix=%{_prefix} \
--bindir=%{_bindir} \
--libexecdir=%{_libdir} \
--docdir=%{_docdir}/%{name}-%{version} \
--with-env-editor \
--with-pam \
--with-ldap \
--with-linux-audit \
--enable-zlib=system \
--with-passprompt="[sudo] password for %p: "
make %{?_smp_mflags}
%install
[ %{buildroot} != "/"] && rm -rf %{buildroot}/*
make install DESTDIR=%{buildroot}
install -v -dm755 %{buildroot}/%{_docdir}/%{name}-%{version}
find %{buildroot}/%{_libdir} -name '*.la' -delete
find %{buildroot}/%{_libdir} -name '*.so~' -delete
# Add default user to sudoers group BEFORE the @includedir
sed -i -E '/## Read drop-in files.+/i %wheel ALL=(ALL) ALL\n%sudo ALL=(ALL) ALL' %{buildroot}/etc/sudoers
install -vdm755 %{buildroot}/etc/pam.d
cat > %{buildroot}/etc/pam.d/sudo << EOF
#%%PAM-1.0
auth include system-auth
account include system-account
password include system-password
session include system-session
session required pam_env.so
EOF
mkdir -p %{buildroot}%{_libdir}/tmpfiles.d
touch %{buildroot}%{_libdir}/tmpfiles.d/sudo.conf
%find_lang %{name}
%{_fixperms} %{buildroot}/*
%check
make %{?_smp_mflags} check
%post
/sbin/ldconfig
if [ $1 -eq 1 ] ; then
getent group wheel > /dev/null || groupadd wheel
fi
%postun -p /sbin/ldconfig
%files -f %{name}.lang
%defattr(-,root,root)
%license LICENSE.md
%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers
%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d/
%config(noreplace) %{_sysconfdir}/pam.d/sudo
%config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
%config(noreplace) %{_sysconfdir}/sudo.conf
%{_bindir}/*
%{_includedir}/*
%{_libdir}/sudo/*.so
%{_libdir}/sudo/*.so.*
%{_sbindir}/*
%{_datarootdir}/locale/*
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_docdir}/%{name}-%{version}/*
%attr(0644,root,root) %{_libdir}/tmpfiles.d/sudo.conf
%exclude /etc/sudoers.dist
%changelog
* Thu Apr 09 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.9.17-2
- Patch for CVE-2026-35535
* Fri Jun 27 2025 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.9.17-1
- Upgrade to version 1.9.17.
- Patching CVEs: 2025-32462 and 2025-32463.
* Mon Jan 8 13:11:48 EST 2024 Dan Streetman <ddstreet@ieee.org> - 1.9.15p5-1
- Update for CVE-2023-42465
* Tue Dec 19 2023 Andy Zaugg <azaugg@linkedin.com> - 1.9.14p3-2
- Add patch to bug fix support for NETGROUP_QUERY
* Fri Aug 25 2023 Andy Zaugg <azaugg@linkedin.com> - 1.9.14p3-1
- Bump version to 1.9.14p3
* Mon May 08 2023 Andy Zaugg <azaugg@linkedin.com> - 1.9.13p3-2
- Add config option to sudo build to allow configuration of sudo via LDAP.
* Thu Mar 16 2023 Thien Trung Vuong <tvuong@microsoft.com> - 1.9.13p3-1
- Upgrade to 1.9.13p3 to fix CVE-2023-27320
* Wed Feb 08 2023 Rachel Menge <rachelmenge@microsoft.com> - 1.9.12p2-1
- Upgrade to 1.9.12p2 for CVE-2023-22809
* Thu Nov 10 2022 Ahmed Badawi <ahmedbadawi@microsoft.com> - 1.9.12p1-1
- Upgrade sudo to version 1.9.12p1 to fix CVE-2022-43995.
* Tue Mar 08 2022 Jon Slobodzian <joslobo@microsoft.com> - 1.9.10
- Upgrade to Latest Stable sudo version for CBL-Mariner 2.0
* Thu Dec 16 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.9.5p2-3
- Removing the explicit %%clean stage.
* Mon Feb 22 2021 Mateusz Malisz <mamalisz@microsoft.com> 1.9.5p2-2
- Move sudo/wheel groups before @includedir to not override user's settings.
* Tue Jan 26 2021 Mateusz Malisz <mamalisz@microsoft.com> 1.9.5p2-1
- Update to version 1.9.5.p2 to fix CVE-2021-3156.
- Change the password prompt to include ": " at the end.
- Unconditionally add wheel/sudo groups.
* Fri Jan 15 2021 Mateusz Malisz <mamalisz@microsoft.com> 1.9.5p1-1
- Update to version 1.9.5.p1 to fix CVE-2021-23240.
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 1.8.31p1-4
- Added %%license line automatically
* Tue Apr 28 2020 Emre Girgin <mrgirgin@microsoft.com> 1.8.31p1-3
- Renaming Linux-PAM to pam
* Fri Apr 17 2020 Emre Girgin <mrgirgin@microsoft.com> 1.8.31p1-2
- Rename shadow to shadow-utils.
* Wed Mar 18 2020 Henry Beberman <henry.beberman@microsoft.com> 1.8.31p1-1
- Update to 1.8.31p1. License verified.
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 1.8.23-2
- Initial CBL-Mariner import from Photon (license: Apache2).
* Tue Sep 11 2018 Keerthana K <keerthanak@vmware.com> 1.8.23-1
- Update to version 1.8.23.
* Thu Mar 01 2018 Anish Swaminathan <anishs@vmware.com> 1.8.20p2-5
- Move includedir sudoers.d to end of sudoers file
* Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 1.8.20p2-4
- No direct toybox dependency, shadow depends on toybox
* Mon Sep 18 2017 Alexey Makhalov <amakhalov@vmware.com> 1.8.20p2-3
- Requires shadow or toybox
* Fri Jul 07 2017 Chang Lee <changlee@vmware.com> 1.8.20p2-2
- Including /usr/lib/tmpfiles.d/sudo.conf from %files
* Thu Jun 15 2017 Kumar Kaushik <kaushikk@vmware.com> 1.8.20p2-1
- Udating version to 1.8.20p2, fixing CVE-2017-1000367 and CVE-2017-1000368
* Wed Apr 12 2017 Vinay Kulkarni <kulkarniv@vmware.com> 1.8.19p2-1
- Update to version 1.8.19p2
* Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 1.8.18p1-3
- BuildRequires Linux-PAM-devel
* Thu Oct 20 2016 Alexey Makhalov <amakhalov@vmware.com> 1.8.18p1-2
- Remove --with-pam-login to use /etc/pam.d/sudo for `sudo -i`
- Fix groupadd wheel warning during the %post action
* Tue Oct 18 2016 Alexey Makhalov <amakhalov@vmware.com> 1.8.18p1-1
- Update to 1.8.18p1
* Tue Oct 04 2016 ChangLee <changlee@vmware.com> 1.8.15-4
- Modified %check
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.8.15-3
- GA - Bump release of all rpms
* Wed May 4 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.8.15-2
- Fix for upgrade issues
* Wed Jan 20 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.8.15-1
- Update to 1.8.15-1.
* Wed Dec 09 2015 Anish Swaminathan <anishs@vmware.com> 1.8.11p1-5
- Edit post script.
* Mon Jun 22 2015 Divya Thaluru <dthaluru@vmware.com> 1.8.11p1-4
- Fixing permissions on /etc/sudoers file
* Fri May 29 2015 Divya Thaluru <dthaluru@vmware.com> 1.8.11p1-3
- Adding sudo configuration and PAM config file
* Wed May 27 2015 Divya Thaluru <dthaluru@vmware.com> 1.8.11p1-2
- Adding PAM support
* Thu Oct 09 2014 Divya Thaluru <dthaluru@vmware.com> 1.8.11p1-1
- Initial build. First version