rpms/sudo/devel sudo-1.6.8p8-selinux.patch, 1.1, 1.2 sudo.spec, 1.28, 1.29 sudo-1.6.8p8-sesh-stopsig.patch, 1.1, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Oct 11 11:41:13 UTC 2005 

Author: kzak

Update of /cvs/dist/rpms/sudo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv704

Modified Files:
	sudo-1.6.8p8-selinux.patch sudo.spec 
Removed Files:
	sudo-1.6.8p8-sesh-stopsig.patch 
Log Message:
fix selinux patch

sudo-1.6.8p8-selinux.patch:
 Makefile.in  |   16 +++-
 configure    |    2 
 configure.in |    2 
 sesh.c       |   61 ++++++++++++++++
 sudo.c       |  224 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 sudo.man.in  |   11 ++
 6 files changed, 307 insertions(+), 9 deletions(-)

Index: sudo-1.6.8p8-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo-1.6.8p8-selinux.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-1.6.8p8-selinux.patch	12 Apr 2005 12:19:47 -0000	1.1
+++ sudo-1.6.8p8-selinux.patch	11 Oct 2005 11:41:08 -0000	1.2
@@ -1,7 +1,131 @@
---- /dev/null	2005-03-07 11:59:46.679193192 +0100
-+++ sudo-1.6.8p8/sesh.c	2005-04-12 12:53:01.000000000 +0200
-@@ -0,0 +1,46 @@
+--- sudo-1.6.8p9/configure.in.selinux	2004-11-25 18:31:20.000000000 +0100
++++ sudo-1.6.8p9/configure.in	2005-10-11 11:48:24.000000000 +0200
+@@ -98,7 +98,7 @@
+ dnl Initial values for Makefile variables listed above
+ dnl May be overridden by environment variables..
+ dnl
+-PROGS="sudo visudo"
++PROGS="sudo visudo sesh"
+ test -n "$MANTYPE" || MANTYPE="man"
+ test -n "$mansrcdir" || mansrcdir="."
+ test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
+--- sudo-1.6.8p9/Makefile.in.selinux	2005-06-19 22:03:50.000000000 +0200
++++ sudo-1.6.8p9/Makefile.in	2005-10-11 11:48:24.000000000 +0200
+@@ -43,7 +43,8 @@
+ # Libraries
+ LIBS = @LIBS@
+ NET_LIBS = @NET_LIBS@
+-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
++SELINUX_LIBS = -lselinux 
++SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
+ 
+ # C preprocessor flags
+ CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
+@@ -90,7 +91,7 @@
+ sudoers_mode = @SUDOERS_MODE@
+ 
+ # Pass in paths and uid/gid + OS dependent defined
+-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
++DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
+ 
+ #### End of system configuration section. ####
+ 
+@@ -104,7 +105,7 @@
+        parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
+        strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
+        sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
+-       zero_bytes.c $(AUTH_SRCS)
++       zero_bytes.c $(AUTH_SRCS) sesh.c
+ 
+ AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
+ 	    auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
+@@ -126,6 +127,8 @@
+ 
+ VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
+ 
++SESH_OBJS = sesh.o
++
+ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
+ 
+ LIBOBJS = @LIBOBJS@ @ALLOCA@
+@@ -145,7 +148,7 @@
+ BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
+ 	  UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
+ 	  sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
+-	  sudoers.pod visudo visudo.cat visudo.man visudo.pod
++	  sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
+ 
+ BINSPECIAL= INSTALL.binary Makefile.binary libtool
+ 
+@@ -177,6 +180,9 @@
+ visudo: $(VISUDOBJS) $(LIBOBJS)
+ 	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
+ 
++sesh: $(SESH_OBJS) 
++	$(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
++
+ testsudoers: $(TESTOBJS) $(LIBOBJS)
+ 	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
+ 
+@@ -215,6 +221,7 @@
+ set_perms.o: set_perms.c $(SUDODEP)
+ tgetpass.o: tgetpass.c $(SUDODEP)
+ visudo.o: visudo.c $(SUDODEP) version.h
++sesh.o: sesh.c 
+ sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
+ interfaces.o: interfaces.c $(SUDODEP) interfaces.h
+ testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
+@@ -306,6 +313,7 @@
+ 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
+ 
+ 	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
++	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
+ 
+ install-noexec: sudo_noexec.la
+ 	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
+--- sudo-1.6.8p9/sudo.man.in.selinux	2005-06-19 22:05:34.000000000 +0200
++++ sudo-1.6.8p9/sudo.man.in	2005-10-11 11:48:24.000000000 +0200
+@@ -157,6 +157,7 @@
+ \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
+ .PP
+ \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
++[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
+ [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+ {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
+ .PP
+@@ -235,6 +236,16 @@
+ \&\fBsudo\fR will initialize the group vector to the list of groups the
+ target user is in.  The real and effective group IDs, however, are
+ still set to match the target user.
++.IP "\-r" 4
++.IX Item "-r"
++The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
++\fIROLE\fR.
++.IP "\-t" 4
++.IX Item "-t" 
++The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
++specified by
++\fITYPE\fR.
++If no type is specified, the default type is derived from the specified role.
+ .IP "\-S" 4
+ .IX Item "-S"
+ The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+--- sudo-1.6.8p9/configure.selinux	2004-11-26 21:04:30.000000000 +0100
++++ sudo-1.6.8p9/configure	2005-10-11 11:48:24.000000000 +0200
+@@ -1608,7 +1608,7 @@
+ insults=off
+ root_sudo=on
+ INSTALL_NOEXEC=
+-PROGS="sudo visudo"
++PROGS="sudo visudo sesh"
+ test -n "$MANTYPE" || MANTYPE="man"
+ test -n "$mansrcdir" || mansrcdir="."
+ test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
+--- /dev/null	2005-10-07 17:17:17.781101976 +0200
++++ sudo-1.6.8p9/sesh.c	2005-10-11 11:48:24.000000000 +0200
+@@ -0,0 +1,61 @@
 +#include <stdio.h>
++#include <stdlib.h>
 +#include <unistd.h>
 +#include <limits.h>
 +#include <sys/types.h>
@@ -25,19 +149,33 @@
 +    int status;
 +    int ret;
 +
-+    do {
-+      if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
++    while (1) {
++      if ((ret = waitpid(pid, &status, WUNTRACED)) < 0 && errno == EINTR)
 +        continue;
 +      else if (ret < 0) {
 +        perror("waitpid failed");
 +        exit(1);
 +      }
-+    } while (0);
++
++      if (!WIFSTOPPED(status))
++	break;
++
++      /* Reset the handler in case it was inherited ignored,
++	 but the child reset it and stopped anyway.  */
++      signal(WSTOPSIG(status), SIG_DFL);
++      raise(WSTOPSIG(status));
++
++      /* Now we stop until continued ourselves.  */
++      kill(getpgid(pid) == pid ? -pid : pid, SIGCONT);
++    }
 +
 +    if (WIFEXITED(status))
 +      exit(WEXITSTATUS(status));
++    else if (WIFSIGNALED(status))
++      /* XXX print here like the shell would? */
++      exit(128 + WTERMSIG(status));
 +    else
-+      exit(1);
++      exit(127);		/* Should never happen.  */
 +  } else {
 +    /* Child */
 +    execv(argv[1], &argv[1]);
@@ -47,8 +185,8 @@
 +    exit(-1);
 +  }
 +}
---- sudo-1.6.8p8/sudo.c.selinux	2005-03-25 02:56:41.000000000 +0100
-+++ sudo-1.6.8p8/sudo.c	2005-04-12 14:04:01.765372148 +0200
+--- sudo-1.6.8p9/sudo.c.selinux	2005-06-19 22:35:46.000000000 +0200
++++ sudo-1.6.8p9/sudo.c	2005-10-11 12:25:52.000000000 +0200
 @@ -92,6 +92,17 @@
  #include "interfaces.h"
  #include "version.h"
@@ -231,26 +369,7 @@
      char **new_environ;
      sigaction_t sa;
      extern int printmatches;
-@@ -203,9 +358,6 @@
-     /* Setup defaults data structures. */
-     init_defaults();
- 
--    /* Load the list of local ip addresses and netmasks.  */
--    load_interfaces();
--
-     pwflag = 0;
-     if (ISSET(sudo_mode, MODE_SHELL))
- 	user_cmnd = "shell";
-@@ -219,6 +371,8 @@
- 		    putchar('\n');
- 		    dump_auth_methods();
- 		    dump_defaults();
-+		    /* Load the list of local ip addresses and netmasks.  */
-+		    load_interfaces();
- 		    dump_interfaces();
- 		}
- 		exit(0);
-@@ -445,8 +599,44 @@
+@@ -439,8 +594,44 @@
  #ifndef PROFILING
  	if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
  	    exit(0);
@@ -297,7 +416,7 @@
  #else
  	exit(0);
  #endif /* PROFILING */
-@@ -734,6 +924,30 @@
+@@ -728,6 +919,30 @@
  		NewArgv++;
  		break;
  #endif
@@ -328,7 +447,7 @@
  #ifdef HAVE_LOGIN_CAP_H
  	    case 'c':
  		/* Must have an associated login class. */
-@@ -1119,6 +1333,9 @@
+@@ -1113,6 +1328,9 @@
  #ifdef HAVE_BSD_AUTH_H
  	" [-a auth_type]",
  #endif
@@ -338,126 +457,3 @@
  #ifdef HAVE_LOGIN_CAP_H
  	" [-c class|-]",
  #endif
---- sudo-1.6.8p8/configure.selinux	2004-11-26 21:04:30.000000000 +0100
-+++ sudo-1.6.8p8/configure	2005-04-12 12:53:01.000000000 +0200
-@@ -1608,7 +1608,7 @@
- insults=off
- root_sudo=on
- INSTALL_NOEXEC=
--PROGS="sudo visudo"
-+PROGS="sudo visudo sesh"
- test -n "$MANTYPE" || MANTYPE="man"
- test -n "$mansrcdir" || mansrcdir="."
- test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8p8/configure.in.selinux	2004-11-25 18:31:20.000000000 +0100
-+++ sudo-1.6.8p8/configure.in	2005-04-12 12:53:01.000000000 +0200
-@@ -98,7 +98,7 @@
- dnl Initial values for Makefile variables listed above
- dnl May be overridden by environment variables..
- dnl
--PROGS="sudo visudo"
-+PROGS="sudo visudo sesh"
- test -n "$MANTYPE" || MANTYPE="man"
- test -n "$mansrcdir" || mansrcdir="."
- test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8p8/sudo.man.in.selinux	2005-03-11 20:11:31.000000000 +0100
-+++ sudo-1.6.8p8/sudo.man.in	2005-04-12 12:53:01.000000000 +0200
-@@ -157,6 +157,7 @@
- \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
- .PP
- \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
-+[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
- [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
- {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
- .PP
-@@ -235,6 +236,16 @@
- \&\fBsudo\fR will initialize the group vector to the list of groups the
- target user is in.  The real and effective group IDs, however, are
- still set to match the target user.
-+.IP "\-r" 4
-+.IX Item "-r"
-+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
-+\fIROLE\fR.
-+.IP "\-t" 4
-+.IX Item "-t" 
-+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
-+specified by
-+\fITYPE\fR.
-+If no type is specified, the default type is derived from the specified role.
- .IP "\-S" 4
- .IX Item "-S"
- The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
---- sudo-1.6.8p8/Makefile.in.selinux	2005-03-11 20:08:52.000000000 +0100
-+++ sudo-1.6.8p8/Makefile.in	2005-04-12 12:53:01.000000000 +0200
-@@ -43,7 +43,8 @@
- # Libraries
- LIBS = @LIBS@
- NET_LIBS = @NET_LIBS@
--SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
-+SELINUX_LIBS = -lselinux 
-+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
- 
- # C preprocessor flags
- CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
-@@ -90,7 +91,7 @@
- sudoers_mode = @SUDOERS_MODE@
- 
- # Pass in paths and uid/gid + OS dependent defined
--DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
-+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
- 
- #### End of system configuration section. ####
- 
-@@ -104,7 +105,7 @@
-        parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
-        strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
-        sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
--       zero_bytes.c $(AUTH_SRCS)
-+       zero_bytes.c $(AUTH_SRCS) sesh.c
- 
- AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
- 	    auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
-@@ -126,6 +127,8 @@
- 
- VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
- 
-+SESH_OBJS = sesh.o
-+
- TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
- 
- LIBOBJS = @LIBOBJS@ @ALLOCA@
-@@ -145,7 +148,7 @@
- BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
- 	  UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
- 	  sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
--	  sudoers.pod visudo visudo.cat visudo.man visudo.pod
-+	  sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
- 
- BINSPECIAL= INSTALL.binary Makefile.binary libtool
- 
-@@ -177,6 +180,9 @@
- visudo: $(VISUDOBJS) $(LIBOBJS)
- 	$(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
- 
-+sesh: $(SESH_OBJS) 
-+	$(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
-+
- testsudoers: $(TESTOBJS) $(LIBOBJS)
- 	$(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
- 
-@@ -215,6 +221,7 @@
- set_perms.o: set_perms.c $(SUDODEP)
- tgetpass.o: tgetpass.c $(SUDODEP)
- visudo.o: visudo.c $(SUDODEP) version.h
-+sesh.o: sesh.c 
- sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
- interfaces.o: interfaces.c $(SUDODEP) interfaces.h
- testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
-@@ -306,6 +313,7 @@
- 	ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
- 
- 	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
-+	$(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
- 
- install-noexec: sudo_noexec.la
- 	$(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)


Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- sudo.spec	11 Oct 2005 09:39:44 -0000	1.28
+++ sudo.spec	11 Oct 2005 11:41:09 -0000	1.29
@@ -4,7 +4,7 @@
 Summary: Allows restricted root access for specified users.
 Name: sudo
 Version: 1.6.8p9
-Release: 4
+Release: 5
 License: BSD
 Group: Applications/System
 Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -19,10 +19,8 @@
 Patch1: sudo-1.6.8p8-selinux.patch
 # 154511 - sudo does not use limits.conf
 Patch2: sudo-1.6.8p8-pam-sess.patch
-# 162623 - sesh hangs when child suspends
-Patch3: sudo-1.6.8p8-sesh-stopsig.patch
 # don't strip
-Patch4: sudo-1.6.7p5-strip.patch
+Patch3: sudo-1.6.7p5-strip.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -43,8 +41,7 @@
 %endif
 
 %patch2 -p1 -b .sess
-%patch3 -p1 -b .sigstop
-%patch4 -p1 -b .strip
+%patch3 -p1 -b .strip
 
 %build
 %ifarch s390 s390x
@@ -110,6 +107,10 @@
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Tue Oct 11 2005 Karel Zak <kzak at redhat.com> 1.6.8p9-5
+- enable interfaces in selinux patch
+- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
+
 * Mon Sep 19 2005 Karel Zak <kzak at redhat.com> 1.6.8p9-4
 - fix debuginfo
 


--- sudo-1.6.8p8-sesh-stopsig.patch DELETED ---

More information about the fedora-cvs-commits mailing list