rpms/sudo/devel sudo-1.6.8p8-selinux.patch, 1.1, 1.2 sudo.spec, 1.28, 1.29 sudo-1.6.8p8-sesh-stopsig.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Oct 11 11:41:13 UTC 2005
Author: kzak
Update of /cvs/dist/rpms/sudo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv704
Modified Files:
sudo-1.6.8p8-selinux.patch sudo.spec
Removed Files:
sudo-1.6.8p8-sesh-stopsig.patch
Log Message:
fix selinux patch
sudo-1.6.8p8-selinux.patch:
Makefile.in | 16 +++-
configure | 2
configure.in | 2
sesh.c | 61 ++++++++++++++++
sudo.c | 224 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
sudo.man.in | 11 ++
6 files changed, 307 insertions(+), 9 deletions(-)
Index: sudo-1.6.8p8-selinux.patch
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo-1.6.8p8-selinux.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-1.6.8p8-selinux.patch 12 Apr 2005 12:19:47 -0000 1.1
+++ sudo-1.6.8p8-selinux.patch 11 Oct 2005 11:41:08 -0000 1.2
@@ -1,7 +1,131 @@
---- /dev/null 2005-03-07 11:59:46.679193192 +0100
-+++ sudo-1.6.8p8/sesh.c 2005-04-12 12:53:01.000000000 +0200
-@@ -0,0 +1,46 @@
+--- sudo-1.6.8p9/configure.in.selinux 2004-11-25 18:31:20.000000000 +0100
++++ sudo-1.6.8p9/configure.in 2005-10-11 11:48:24.000000000 +0200
+@@ -98,7 +98,7 @@
+ dnl Initial values for Makefile variables listed above
+ dnl May be overridden by environment variables..
+ dnl
+-PROGS="sudo visudo"
++PROGS="sudo visudo sesh"
+ test -n "$MANTYPE" || MANTYPE="man"
+ test -n "$mansrcdir" || mansrcdir="."
+ test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
+--- sudo-1.6.8p9/Makefile.in.selinux 2005-06-19 22:03:50.000000000 +0200
++++ sudo-1.6.8p9/Makefile.in 2005-10-11 11:48:24.000000000 +0200
+@@ -43,7 +43,8 @@
+ # Libraries
+ LIBS = @LIBS@
+ NET_LIBS = @NET_LIBS@
+-SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
++SELINUX_LIBS = -lselinux
++SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
+
+ # C preprocessor flags
+ CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
+@@ -90,7 +91,7 @@
+ sudoers_mode = @SUDOERS_MODE@
+
+ # Pass in paths and uid/gid + OS dependent defined
+-DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
++DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
+
+ #### End of system configuration section. ####
+
+@@ -104,7 +105,7 @@
+ parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
+ strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
+ sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
+- zero_bytes.c $(AUTH_SRCS)
++ zero_bytes.c $(AUTH_SRCS) sesh.c
+
+ AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
+ auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
+@@ -126,6 +127,8 @@
+
+ VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
+
++SESH_OBJS = sesh.o
++
+ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
+
+ LIBOBJS = @LIBOBJS@ @ALLOCA@
+@@ -145,7 +148,7 @@
+ BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
+ UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
+ sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
+- sudoers.pod visudo visudo.cat visudo.man visudo.pod
++ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
+
+ BINSPECIAL= INSTALL.binary Makefile.binary libtool
+
+@@ -177,6 +180,9 @@
+ visudo: $(VISUDOBJS) $(LIBOBJS)
+ $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
+
++sesh: $(SESH_OBJS)
++ $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
++
+ testsudoers: $(TESTOBJS) $(LIBOBJS)
+ $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
+
+@@ -215,6 +221,7 @@
+ set_perms.o: set_perms.c $(SUDODEP)
+ tgetpass.o: tgetpass.c $(SUDODEP)
+ visudo.o: visudo.c $(SUDODEP) version.h
++sesh.o: sesh.c
+ sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
+ interfaces.o: interfaces.c $(SUDODEP) interfaces.h
+ testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
+@@ -306,6 +313,7 @@
+ ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
+
+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
++ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
+
+ install-noexec: sudo_noexec.la
+ $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
+--- sudo-1.6.8p9/sudo.man.in.selinux 2005-06-19 22:05:34.000000000 +0200
++++ sudo-1.6.8p9/sudo.man.in 2005-10-11 11:48:24.000000000 +0200
+@@ -157,6 +157,7 @@
+ \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
+ .PP
+ \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
++[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
+ [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
+ {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
+ .PP
+@@ -235,6 +236,16 @@
+ \&\fBsudo\fR will initialize the group vector to the list of groups the
+ target user is in. The real and effective group IDs, however, are
+ still set to match the target user.
++.IP "\-r" 4
++.IX Item "-r"
++The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
++\fIROLE\fR.
++.IP "\-t" 4
++.IX Item "-t"
++The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
++specified by
++\fITYPE\fR.
++If no type is specified, the default type is derived from the specified role.
+ .IP "\-S" 4
+ .IX Item "-S"
+ The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
+--- sudo-1.6.8p9/configure.selinux 2004-11-26 21:04:30.000000000 +0100
++++ sudo-1.6.8p9/configure 2005-10-11 11:48:24.000000000 +0200
+@@ -1608,7 +1608,7 @@
+ insults=off
+ root_sudo=on
+ INSTALL_NOEXEC=
+-PROGS="sudo visudo"
++PROGS="sudo visudo sesh"
+ test -n "$MANTYPE" || MANTYPE="man"
+ test -n "$mansrcdir" || mansrcdir="."
+ test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
+--- /dev/null 2005-10-07 17:17:17.781101976 +0200
++++ sudo-1.6.8p9/sesh.c 2005-10-11 11:48:24.000000000 +0200
+@@ -0,0 +1,61 @@
+#include <stdio.h>
++#include <stdlib.h>
+#include <unistd.h>
+#include <limits.h>
+#include <sys/types.h>
@@ -25,19 +149,33 @@
+ int status;
+ int ret;
+
-+ do {
-+ if ((ret = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
++ while (1) {
++ if ((ret = waitpid(pid, &status, WUNTRACED)) < 0 && errno == EINTR)
+ continue;
+ else if (ret < 0) {
+ perror("waitpid failed");
+ exit(1);
+ }
-+ } while (0);
++
++ if (!WIFSTOPPED(status))
++ break;
++
++ /* Reset the handler in case it was inherited ignored,
++ but the child reset it and stopped anyway. */
++ signal(WSTOPSIG(status), SIG_DFL);
++ raise(WSTOPSIG(status));
++
++ /* Now we stop until continued ourselves. */
++ kill(getpgid(pid) == pid ? -pid : pid, SIGCONT);
++ }
+
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
++ else if (WIFSIGNALED(status))
++ /* XXX print here like the shell would? */
++ exit(128 + WTERMSIG(status));
+ else
-+ exit(1);
++ exit(127); /* Should never happen. */
+ } else {
+ /* Child */
+ execv(argv[1], &argv[1]);
@@ -47,8 +185,8 @@
+ exit(-1);
+ }
+}
---- sudo-1.6.8p8/sudo.c.selinux 2005-03-25 02:56:41.000000000 +0100
-+++ sudo-1.6.8p8/sudo.c 2005-04-12 14:04:01.765372148 +0200
+--- sudo-1.6.8p9/sudo.c.selinux 2005-06-19 22:35:46.000000000 +0200
++++ sudo-1.6.8p9/sudo.c 2005-10-11 12:25:52.000000000 +0200
@@ -92,6 +92,17 @@
#include "interfaces.h"
#include "version.h"
@@ -231,26 +369,7 @@
char **new_environ;
sigaction_t sa;
extern int printmatches;
-@@ -203,9 +358,6 @@
- /* Setup defaults data structures. */
- init_defaults();
-
-- /* Load the list of local ip addresses and netmasks. */
-- load_interfaces();
--
- pwflag = 0;
- if (ISSET(sudo_mode, MODE_SHELL))
- user_cmnd = "shell";
-@@ -219,6 +371,8 @@
- putchar('\n');
- dump_auth_methods();
- dump_defaults();
-+ /* Load the list of local ip addresses and netmasks. */
-+ load_interfaces();
- dump_interfaces();
- }
- exit(0);
-@@ -445,8 +599,44 @@
+@@ -439,8 +594,44 @@
#ifndef PROFILING
if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
exit(0);
@@ -297,7 +416,7 @@
#else
exit(0);
#endif /* PROFILING */
-@@ -734,6 +924,30 @@
+@@ -728,6 +919,30 @@
NewArgv++;
break;
#endif
@@ -328,7 +447,7 @@
#ifdef HAVE_LOGIN_CAP_H
case 'c':
/* Must have an associated login class. */
-@@ -1119,6 +1333,9 @@
+@@ -1113,6 +1328,9 @@
#ifdef HAVE_BSD_AUTH_H
" [-a auth_type]",
#endif
@@ -338,126 +457,3 @@
#ifdef HAVE_LOGIN_CAP_H
" [-c class|-]",
#endif
---- sudo-1.6.8p8/configure.selinux 2004-11-26 21:04:30.000000000 +0100
-+++ sudo-1.6.8p8/configure 2005-04-12 12:53:01.000000000 +0200
-@@ -1608,7 +1608,7 @@
- insults=off
- root_sudo=on
- INSTALL_NOEXEC=
--PROGS="sudo visudo"
-+PROGS="sudo visudo sesh"
- test -n "$MANTYPE" || MANTYPE="man"
- test -n "$mansrcdir" || mansrcdir="."
- test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8p8/configure.in.selinux 2004-11-25 18:31:20.000000000 +0100
-+++ sudo-1.6.8p8/configure.in 2005-04-12 12:53:01.000000000 +0200
-@@ -98,7 +98,7 @@
- dnl Initial values for Makefile variables listed above
- dnl May be overridden by environment variables..
- dnl
--PROGS="sudo visudo"
-+PROGS="sudo visudo sesh"
- test -n "$MANTYPE" || MANTYPE="man"
- test -n "$mansrcdir" || mansrcdir="."
- test -n "$SUDOERS_MODE" || SUDOERS_MODE=0440
---- sudo-1.6.8p8/sudo.man.in.selinux 2005-03-11 20:11:31.000000000 +0100
-+++ sudo-1.6.8p8/sudo.man.in 2005-04-12 12:53:01.000000000 +0200
-@@ -157,6 +157,7 @@
- \&\fBsudo\fR \fB\-K\fR | \fB\-L\fR | \fB\-V\fR | \fB\-h\fR | \fB\-k\fR | \fB\-l\fR | \fB\-v\fR
- .PP
- \&\fBsudo\fR [\fB\-HPSb\fR] [\fB\-a\fR\ \fIauth_type\fR] [\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
-+[\fB\-r\fR \fIrole\fR ] [\fB\-t\fR \fItype\fR ]
- [\fB\-p\fR\ \fIprompt\fR] [\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
- {\fB\-e\fR\ file\ [...]\ |\ \fB\-i\fR\ |\ \fB\-s\fR\ |\ \fIcommand\fR}
- .PP
-@@ -235,6 +236,16 @@
- \&\fBsudo\fR will initialize the group vector to the list of groups the
- target user is in. The real and effective group IDs, however, are
- still set to match the target user.
-+.IP "\-r" 4
-+.IX Item "-r"
-+The \fB\-r\fR (\fRrole\fR) option causes the new (SELinux) security context to have the role specified by
-+\fIROLE\fR.
-+.IP "\-t" 4
-+.IX Item "-t"
-+The \fB\-t\fR (\fRtype\fR) option causes the new (SELinux) security context to have the have the type (domain)
-+specified by
-+\fITYPE\fR.
-+If no type is specified, the default type is derived from the specified role.
- .IP "\-S" 4
- .IX Item "-S"
- The \fB\-S\fR (\fIstdin\fR) option causes \fBsudo\fR to read the password from
---- sudo-1.6.8p8/Makefile.in.selinux 2005-03-11 20:08:52.000000000 +0100
-+++ sudo-1.6.8p8/Makefile.in 2005-04-12 12:53:01.000000000 +0200
-@@ -43,7 +43,8 @@
- # Libraries
- LIBS = @LIBS@
- NET_LIBS = @NET_LIBS@
--SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS)
-+SELINUX_LIBS = -lselinux
-+SUDO_LIBS = @SUDO_LIBS@ @AFS_LIBS@ $(LIBS) $(NET_LIBS) $(SELINUX_LIBS)
-
- # C preprocessor flags
- CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@
-@@ -90,7 +91,7 @@
- sudoers_mode = @SUDOERS_MODE@
-
- # Pass in paths and uid/gid + OS dependent defined
--DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode)
-+DEFS = @OSDEFS@ -D_PATH_SUDOERS=\"$(sudoersdir)/sudoers\" -D_PATH_SUDOERS_TMP=\"$(sudoersdir)/sudoers.tmp\" -DSUDOERS_UID=$(sudoers_uid) -DSUDOERS_GID=$(sudoers_gid) -DSUDOERS_MODE=$(sudoers_mode) -DWITH_SELINUX
-
- #### End of system configuration section. ####
-
-@@ -104,7 +105,7 @@
- parse.c parse.lex parse.yacc set_perms.c sigaction.c snprintf.c \
- strcasecmp.c strerror.c strlcat.c strlcpy.c sudo.c sudo_noexec.c \
- sudo.tab.c sudo_edit.c testsudoers.c tgetpass.c utimes.c visudo.c \
-- zero_bytes.c $(AUTH_SRCS)
-+ zero_bytes.c $(AUTH_SRCS) sesh.c
-
- AUTH_SRCS = auth/afs.c auth/aix_auth.c auth/bsdauth.c auth/dce.c auth/fwtk.c \
- auth/kerb4.c auth/kerb5.c auth/pam.c auth/passwd.c auth/rfc1938.c \
-@@ -126,6 +127,8 @@
-
- VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS)
-
-+SESH_OBJS = sesh.o
-+
- TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS)
-
- LIBOBJS = @LIBOBJS@ @ALLOCA@
-@@ -145,7 +148,7 @@
- BINFILES= BUGS CHANGES HISTORY LICENSE README TODO TROUBLESHOOTING \
- UPGRADE install-sh mkinstalldirs sample.syslog.conf sample.sudoers \
- sudo sudo.cat sudo.man sudo.pod sudoers sudoers.cat sudoers.man \
-- sudoers.pod visudo visudo.cat visudo.man visudo.pod
-+ sudoers.pod visudo visudo.cat visudo.man visudo.pod sesh
-
- BINSPECIAL= INSTALL.binary Makefile.binary libtool
-
-@@ -177,6 +180,9 @@
- visudo: $(VISUDOBJS) $(LIBOBJS)
- $(CC) -o $@ $(VISUDOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
-
-+sesh: $(SESH_OBJS)
-+ $(CC) -o $@ $(SESH_OBJS) $(LDFLAGS) $(LIBS)
-+
- testsudoers: $(TESTOBJS) $(LIBOBJS)
- $(CC) -o $@ $(TESTOBJS) $(LIBOBJS) $(LDFLAGS) $(LIBS) $(NET_LIBS)
-
-@@ -215,6 +221,7 @@
- set_perms.o: set_perms.c $(SUDODEP)
- tgetpass.o: tgetpass.c $(SUDODEP)
- visudo.o: visudo.c $(SUDODEP) version.h
-+sesh.o: sesh.c
- sudo.o: sudo.c $(SUDODEP) interfaces.h version.h
- interfaces.o: interfaces.c $(SUDODEP) interfaces.h
- testsudoers.o: testsudoers.c $(SUDODEP) parse.h interfaces.h
-@@ -306,6 +313,7 @@
- ln $(DESTDIR)$(sudodir)/sudo $(DESTDIR)$(sudodir)/sudoedit
-
- $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s visudo $(DESTDIR)$(visudodir)/visudo
-+ $(INSTALL) -O $(install_uid) -G $(install_gid) -M 0111 -s sesh $(DESTDIR)$(visudodir)/sesh
-
- install-noexec: sudo_noexec.la
- $(LIBTOOL) --mode=install $(INSTALL) sudo_noexec.la $(DESTDIR)$(noexecdir)
Index: sudo.spec
===================================================================
RCS file: /cvs/dist/rpms/sudo/devel/sudo.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- sudo.spec 11 Oct 2005 09:39:44 -0000 1.28
+++ sudo.spec 11 Oct 2005 11:41:09 -0000 1.29
@@ -4,7 +4,7 @@
Summary: Allows restricted root access for specified users.
Name: sudo
Version: 1.6.8p9
-Release: 4
+Release: 5
License: BSD
Group: Applications/System
Source: http://www.courtesan.com/sudo/dist/sudo-%{version}.tar.gz
@@ -19,10 +19,8 @@
Patch1: sudo-1.6.8p8-selinux.patch
# 154511 - sudo does not use limits.conf
Patch2: sudo-1.6.8p8-pam-sess.patch
-# 162623 - sesh hangs when child suspends
-Patch3: sudo-1.6.8p8-sesh-stopsig.patch
# don't strip
-Patch4: sudo-1.6.7p5-strip.patch
+Patch3: sudo-1.6.7p5-strip.patch
%description
Sudo (superuser do) allows a system administrator to give certain
@@ -43,8 +41,7 @@
%endif
%patch2 -p1 -b .sess
-%patch3 -p1 -b .sigstop
-%patch4 -p1 -b .strip
+%patch3 -p1 -b .strip
%build
%ifarch s390 s390x
@@ -110,6 +107,10 @@
/bin/chmod 0440 /etc/sudoers || :
%changelog
+* Tue Oct 11 2005 Karel Zak <kzak at redhat.com> 1.6.8p9-5
+- enable interfaces in selinux patch
+- merge sudo-1.6.8p8-sesh-stopsig.patch to selinux patch
+
* Mon Sep 19 2005 Karel Zak <kzak at redhat.com> 1.6.8p9-4
- fix debuginfo
--- sudo-1.6.8p8-sesh-stopsig.patch DELETED ---
More information about the fedora-cvs-commits
mailing list