+#
+# Conditional build:
+%bcond_without selinux # build without SELinux support
+#
Summary: Allows command execution as root for specified users
Summary(es): Permite que usuarios específicos ejecuten comandos como se fueran el root
Summary(ja): »ØÄê¥æ¡¼¥¶¤ËÀ©¸ÂÉÕ¤Îroot¸¢¸Â¤òµö²Ä¤¹¤ë
-Summary(pl): Umo¿liwia wykonywaniew poleceñ jako root dla konkretnych u¿ytkowników
+Summary(pl): Umo¿liwia wykonywanie poleceñ jako root dla konkretnych u¿ytkowników
Summary(pt_BR): Permite que usuários específicos executem comandos como se fossem o root
Summary(ru): ðÏÚ×ÏÌÑÅÔ ÏÐÒÅÄÅÌÅÎÎÙÍ ÐÏÌØÚÏ×ÁÔÅÌÑÍ ÉÓÐÏÌÎÑÔØ ËÏÍÁÎÄÙ ÏÔ ÉÍÅÎÉ root
Summary(uk): äÏÚ×ÏÌѤ ×ËÁÚÁÎÉÍ ËÏÒÉÓÔÕ×ÁÞÁÍ ×ÉËÏÎÕ×ÁÔÉ ËÏÍÁÎÄÉ ×¦Ä ¦ÍÅΦ root
Name: sudo
-Version: 1.6.7p4
-Release: 1
+Version: 1.6.8p8
+Release: 4
Epoch: 1
License: BSD
Group: Applications/System
Source0: ftp://ftp.courtesan.com/pub/sudo/%{name}-%{version}.tar.gz
+# Source0-md5: 7a60e95d0931dcf3caff7929e974d5cc
Source1: %{name}.pamd
Source2: %{name}.logrotate
+Patch0: %{name}-selinux.patch
+Patch1: %{name}-ac.patch
URL: http://www.courtesan.com/sudo/
-BuildRequires: autoconf
+BuildRequires: autoconf >= 2.53
+BuildRequires: automake
+%{?with_selinux:BuildRequires: libselinux-devel}
+BuildRequires: heimdal-devel
+BuildRequires: openldap-devel
+BuildRequires: skey-devel >= 2.2-11
+BuildRequires: libtool
BuildRequires: pam-devel
-BuildRequires: /bin/vi
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+Requires: pam >= 0.77.3
Obsoletes: cu-sudo
-
-%define _sysconfdir /etc
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
Sudo (superuser do) allows a permitted user to execute a command as
ÎÁ ÂÁÇÁÔØÏÈ ÍÁÛÉÎÁÈ.
%prep
-%setup -q
+%setup -q
+%{?with_selinux:%patch0 -p1}
+
+# only local macros
+mv -f aclocal.m4 acinclude.m4
+# kill libtool.m4 copy
+rm -f acsite.m4
+
+%patch1 -p1
%build
-%configure2_13 \
+cp -f /usr/share/automake/config.sub .
+%{__libtoolize}
+%{__aclocal}
+%{__autoconf}
+# sparc64 2.4.x kernels have buggy sys32_utimes(somefile, NULL) syscall
+# it's fixed in >= 2.4.31-0.3, but keep workaround not to require very
+# fresh kernel
+%ifarch sparc sparcv9
+export ac_cv_func_utimes=no
+%endif
+%configure \
+ NROFFPROG=nroff \
+ --with-incpath=/usr/include/security \
--with-timedir=/var/run/sudo \
- --with-C2 \
--with-pam \
--with-logging=both \
--with-logfac=auth \
--with-logpath=/var/log/sudo \
- --with-message=full \
--with-ignore-dot \
--with-env-editor \
- --with-insults \
- --with-all-insults \
- --with-classic-insults \
- --with-csops-insults \
- --with-hal-insults \
- --with-goons-insults \
- --with-secure-path="/bin:/sbin:%{_bindir}:%{_sbindir}" \
+ --with-secure-path="/bin:/sbin:/usr/bin:/usr/sbin" \
--with-loglen=320 \
--disable-saved-ids \
- NROFFPROG=nroff
+ --with-kerb5 \
+ --with-ldap \
+ --with-skey \
+ --with-long-otp-prompt
%{__make}
chmod -R +r $RPM_BUILD_ROOT%{_prefix}
+rm -f $RPM_BUILD_ROOT%{_libdir}/sudo_noexec.la
+
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
%doc BUGS CHANGES HISTORY README TODO TROUBLESHOOTING sample.sudoers
-%attr(0440,root,root) %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/sudoers
-%attr(0600,root,root) %config(noreplace) %verify(not size mtime md5) /etc/pam.d/sudo
-%attr(4555,root,root) %{_bindir}/sudo
-%attr(0555,root,root) %{_sbindir}/visudo
+%attr(440,root,root) %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/sudoers
+%attr(600,root,root) %config(noreplace) %verify(not size mtime md5) /etc/pam.d/sudo
+%attr(4755,root,root) %{_bindir}/sudo
+%attr(4755,root,root) %{_bindir}/sudoedit
+%{?with_selinux:%attr(755,root,root) %{_sbindir}/sesh}
+%attr(755,root,root) %{_sbindir}/visudo
+%attr(755,root,root) %{_libdir}/sudo_noexec.so
%{_mandir}/man*/*
-%attr(0600,root,root) %ghost /var/log/sudo
-%attr(0640,root,root) /etc/logrotate.d/*
-%attr(0700,root,root) %dir /var/run/sudo
+%attr(600,root,root) %ghost /var/log/sudo
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/*
+%attr(700,root,root) %dir /var/run/sudo