+#
+# Conditional build:
+%bcond_without selinux # build without SELinux support
+%bcond_without skey # disable skey (onetime passwords) support
+%bcond_without heimdal # disable Kerberos support
+%bcond_without ldap # disable LDAP support
+#
Summary: Allows command execution as root for specified users
-Summary(pl): Umo¿liwia wykonywaniew poleceñ jako root dla konkretnych u¿ytkowników
+Summary(es): Permite que usuarios específicos ejecuten comandos como se fueran el root
+Summary(ja): »ØÄê¥æ¡¼¥¶¤ËÀ©¸ÂÉÕ¤Îroot¸¢¸Â¤òµö²Ä¤¹¤ë
+Summary(pl): Umo¿liwia wykonywanie poleceñ jako root dla konkretnych u¿ytkowników
+Summary(pt_BR): Permite que usuários específicos executem comandos como se fossem o root
+Summary(ru): ðÏÚ×ÏÌÑÅÔ ÏÐÒÅÄÅÌÅÎÎÙÍ ÐÏÌØÚÏ×ÁÔÅÌÑÍ ÉÓÐÏÌÎÑÔØ ËÏÍÁÎÄÙ ÏÔ ÉÍÅÎÉ root
+Summary(uk): äÏÚ×ÏÌѤ ×ËÁÚÁÎÉÍ ËÏÒÉÓÔÕ×ÁÞÁÍ ×ÉËÏÎÕ×ÁÔÉ ËÏÍÁÎÄÉ ×¦Ä ¦ÍÅΦ root
Name: sudo
-Version: 1.5.9p2
-Release: 1
-Copyright: GPL
-Group: Utilities/System
-Group(pl): Narzêdzia/Systemowe
-Source: ftp://ftp.cs.colorado.edu/pub/sudo/cu-sudo.v%{version}.tar.gz
-URL: http://www.courtesan.com/courtesan/products/sudo/
-BuildRoot: /tmp/%{name}-%{version}-root
+Version: 1.6.8p12
+Release: 2
+Epoch: 1
+License: BSD
+Group: Applications/System
+Source0: ftp://ftp.sudo.ws/pub/sudo/%{name}-%{version}.tar.gz
+# Source0-md5: b29893c06192df6230dd5f340f3badf5
+Source1: %{name}.pamd
+Source2: %{name}.logrotate
+Patch0: %{name}-selinux.patch
+Patch1: %{name}-ac.patch
+URL: http://www.sudo.ws/sudo/
+BuildRequires: autoconf >= 2.53
+BuildRequires: automake
+%{?with_heimdal:BuildRequires: heimdal-devel >= 0.7}
+%{?with_selinux:BuildRequires: libselinux-devel}
+BuildRequires: libtool
+%{?with_ldap:BuildRequires: openldap-devel >= 2.3.0}
+BuildRequires: pam-devel
+%{?with_skey:BuildRequires: skey-devel >= 2.2-11}
+Requires: pam >= 0.77.3
+Obsoletes: cu-sudo
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%description
-Sudo (superuser do) allows a permitted user to execute a command as the
-superuser (real and effective uid and gid are set to 0 and root's group as
-set in the passwd file respectively).
-
+Sudo (superuser do) allows a permitted user to execute a command as
+the superuser (real and effective uid and gid are set to 0 and root's
+group as set in the passwd file respectively).
+
Sudo determines who is an authorized user by consulting the file
-/etc/sudoers. By giving sudo the -v flag a user can update the time stamp
-without running a command. The password prompt itself will also time out if
-the password is not entered with N minutes (again, this is defined at
-installation time and defaults to 5 minutes).
+/etc/sudoers. By giving sudo the -v flag a user can update the time
+stamp without running a command. The password prompt itself will also
+time out if the password is not entered with N minutes (again, this is
+defined at installation time and defaults to 5 minutes).
+
+%description -l es
+Sudo (superuser do) permite que el administrador del sistema otorga a
+ciertos usuarios (o grupos de usuarios) la habilidad para ejecutar
+algunos (o todos) comandos como root, registrando todos los comandos y
+argumentos. Sudo opera en una base por comando, no siendo un
+substituto para la shell.
+
+%description -l ja
+sudo (superuser do)
+¤È¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬¡¢¿®ÍѤǤ¤ë¥æ¡¼¥¶(¤Þ¤¿¤Ï¥°¥ë¡¼¥×)¤ËÂÐ
+¤·¤Æ¡¢¤¤¤¯¤Ä¤«(¤â¤·¤¯¤ÏÁ´¤Æ)¤Î¥³¥Þ¥ó¥É¤ò root
+¤È¤·¤Æ¼Â¹Ô¤Ç¤¤ë¤è¤¦¡¢¤½¤Î¥³¥Þ¥ó
+¥É¤Î¼Â¹ÔÍúÎò¤Î¥í¥°¤ò¤È¤ê¤Ä¤Äµö²Ä¤¹¤ë»ÅÁȤߤǤ¹¡£sudo
+¤Ï¥³¥Þ¥ó¥É°ì¹Ôñ°Ì¤ÇÆ°ºî
+¤·¤Þ¤¹¡£¥·¥§¥ë¤ÎÃÖ¤´¹¤¨¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£°Ê²¼¤Îµ¡Ç½¤òÆ⢤·¤Æ¤¤¤Þ¤¹¡£¥Û¥¹¥Èñ°Ì
+¤Ç¡¢¤½¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô²Äǽ¤Ê¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ëµ¡Ç½¡¢³Æ¥³¥Þ¥ó¥É¤Ë¤Ä¤¤¤Æ¤Î(郎¤Ê
+¤Ë¤ò¼Â¹Ô¤·¤¿¤«¤Îº¯Àפò»Ä¤¹¤¿¤á¤Î)ËÉÙ¤Ê¥í¥®¥ó¥°µ¡Ç½¡¢sudo
+¥³¥Þ¥ó¥É¤Î¥¿¥¤¥à¥¢¥¦
+¥È»þ´Ö¤òÀßÄê²Äǽ¡¢Ê£¿ô¤Î¥Þ¥·¥ó¤ÇƱ°ì¤ÎÀßÄê¥Õ¥¡¥¤¥ë(sudoers)¤ò¶¦Í¤¹¤ëµ¡Ç½¡¢¤¬
+¤¢¤ê¤Þ¤¹¡£
%description -l pl
-Sudo (superuser do) umo¿liwia wykonywanie konkretnych poleceñ jako root dla
-wyspecyfikowanych u¿ytkowników (rzeczywiste i efektywne uid/gid podczas
-wykonywania tych programów jest 0).
-
-To kto mo¿e wykonywaæ konkretne polecenia i w jaki sposób ma byæ
-autoryzowany jest opisane w pliku /etc/sudoers.
+Sudo (superuser do) umo¿liwia wykonywanie konkretnych poleceñ jako
+root dla wyspecyfikowanych u¿ytkowników (rzeczywiste i efektywne
+uid/gid podczas wykonywania tych programów jest 0). To kto mo¿e
+wykonywaæ konkretne polecenia i w jaki sposób ma byæ autoryzowany jest
+opisane w pliku /etc/sudoers.
+
+%description -l pt_BR
+Sudo (superuser do) permite que o administrador do sistema dê a certos
+usuários (ou grupos de usuários) a habilidade para rodar alguns (ou
+todos) comandos como root, registrando todos os comandos e argumentos.
+Sudo opera numa base por comando, não sendo um substituto para a
+shell.
+
+%description -l ru
+Sudo (superuser do) ÐÏÚ×ÏÌÑÅÔ ÓÉÓÔÅÍÎÏÍÕ ÁÄÍÉÎÉÓÔÒÁÔÏÒÕ ÐÒÅÄÏÓÔÁ×ÌÑÔØ
+ÏÐÒÅÄÅÌÅÎÎÙÍ ÐÏÌØÚÏ×ÁÔÅÌÑÍ (ÉÌÉ ÉÈ ÇÒÕÐÐÁÍ) ×ÏÚÍÏÖÎÏÓÔØ ÉÓÐÏÌÎÑÔØ
+ÎÅËÏÔÏÒÙÅ (ÉÌÉ ×ÓÅ) ËÏÍÁÎÄÙ Ó ÐÒÁ×ÁÍÉ root, ÐÒÉ ÜÔÏÍ ÐÒÏÔÏËÏÌÉÒÕÑ ×ÓÅ
+ËÏÍÁÎÄÙ É ÁÒÇÕÍÅÎÔÙ. Sudo ÒÁÂÏÔÁÅÔ Ó ÏÔÄÅÌØÎÙÍÉ ËÏÍÁÎÄÁÍÉ, ÜÔÏ ÎÅ
+ÚÁÍÅÎÁ ËÏÍÁÎÄÎÏÊ ÏÂÏÌÏÞËÉ (shell). îÅËÏÔÏÒÙÅ ÉÚ ×ÏÚÍÏÖÎÏÓÔÅÊ sudo:
+ÏÇÒÁÎÉÞÅÎÉÅ ÔÏÇÏ, ËÁËÉÅ ËÏÍÁÎÄÙ ÐÏÌØÚÏ×ÁÔÅÌØ ÍÏÖÅÔ ÚÁÐÕÓËÁÔØ ×
+ÚÁ×ÉÓÉÍÏÓÔÉ ÏÔ ÈÏÓÔÁ; ÐÏÌÎÏÅ ÐÒÏÔÏËÏÌÉÒÏ×ÁÎÉÅ ËÁÖÄÏÊ ËÏÍÁÎÄÙ;
+ÎÁÓÔÒÁÉ×ÁÅÍÏÅ ×ÒÅÍÑ, ÎÁ ÐÒÏÔÑÖÅÎÉÉ ËÏÔÏÒÏÇÏ sudo ÐÏÍÎÉÔ ÐÁÒÏÌØ;
+ÉÓÐÏÌØÚÏ×ÁÎÉÅ ÏÄÎÏÇÏ ËÏÎÆÉÇÕÒÁÃÉÏÎÎÏÇÏ ÆÁÊÌÁ (sudoers) ÎÁ ÍÎÏÇÉÈ
+ÍÁÛÉÎÁÈ.
+
+%description -l uk
+Sudo (superuser do) ÄÏÚ×ÏÌѤ ÓÉÓÔÅÍÎÏÍÕ ÁÄͦΦÓÔÒÁÔÏÒÏצ ÎÁÄÁÔÉ ÐÅ×ÎÉÍ
+ËÏÒÉÓÔÕ×ÁÞÁÍ (ÞÉ §È ÇÒÕÐÁÍ) ÍÏÖÌÉצÓÔØ ×ÉËÏÎÕ×ÁÔÉ ÄÅÑ˦ (ÞÉ ×Ó¦)
+ËÏÍÁÎÄÉ Ú ÐÒÁ×ÁÍÉ root, ÐÒÉ ÃØÏÍÕ ÐÒÏÔÏËÏÌÀÀÞÉ ×Ó¦ ËÏÍÁÎÄÉ ÔÁ
+ÁÒÇÕÍÅÎÔÉ. Sudo ÐÒÁÃÀ¤ Ú ÏËÒÅÍÉÍÉ ËÏÍÁÎÄÁÍÉ, ÃÅ ÎÅ ÚÁͦÎÁ ËÏÍÁÎÄÎϧ
+ÏÂÏÌÏÎËÉ (shell). äÅÑ˦ Ú ÍÏÖÌÉ×ÏÓÔÅÊ sudo: ÏÂÍÅÖÅÎÎÑ ÔÏÇÏ, Ñ˦
+ËÏÍÁÎÄÉ ËÏÒÉÓÔÕ×ÁÞ ÍÏÖÅ ÚÁÐÕÓËÁÔÉ × ÚÁÌÅÖÎÏÓÔ¦ ×¦Ä ÈÏÓÔÁ; ÐÏ×ÎÅ
+ÐÒÏÔÏËÏÌÀ×ÁÎÎÑ ËÏÖÎϧ ËÏÍÁÎÄÉ; ÎÁÓÔÒÏÀ×ÁÎÉÊ ÞÁÓ, ÎÁ ÐÒÏÔÑÚ¦ ÑËÏÇÏ sudo
+ÐÁÍ'ÑÔÁ¤ ÐÁÒÏÌØ; ×ÉËÏÒÉÓÔÁÎÎÑ ÏÄÎÏÇÏ ËÏÎƦÇÕÒÁæÊÎÏÇÏ ÆÁÊÌÕ (sudoers)
+ÎÁ ÂÁÇÁÔØÏÈ ÍÁÛÉÎÁÈ.
%prep
-%setup -q -n %{name}.v%{version}
+%setup -q
+%{?with_selinux:%patch0 -p1}
+
+# only local macros
+mv -f aclocal.m4 acinclude.m4
+# kill libtool.m4 copy
+rm -f acsite.m4
+
+%patch1 -p1
%build
-autoconf
-CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" \
-./configure %{_target} \
- --prefix=/usr \
- --sbindir=%{_sbindir} \
- --with-timedir=/var/run \
- --with-C2 \
+cp -f /usr/share/automake/config.sub .
+%{__libtoolize}
+%{__aclocal}
+%{__autoconf}
+# sparc64 2.4.x kernels have buggy sys32_utimes(somefile, NULL) syscall
+# it's fixed in >= 2.4.31-0.3, but keep workaround not to require very
+# fresh kernel
+%ifarch sparc sparcv9
+export ac_cv_func_utimes=no
+%endif
+%configure \
+ NROFFPROG=nroff \
+ --with-incpath=/usr/include/security \
+ --with-timedir=/var/run/sudo \
--with-pam \
--with-logging=both \
- --with-logfac=LOG_AUTH \
- --with-logpath=/var/log/sudo.log \
- --with-message=full \
+ --with-logfac=auth \
+ --with-logpath=/var/log/sudo \
--with-ignore-dot \
--with-env-editor \
- --with-insults \
- --with-all-insults \
- --with-classic-insults \
- --with-csops-insults \
- --with-hal-insults \
- --with-goons-insults \
--with-secure-path="/bin:/sbin:/usr/bin:/usr/sbin" \
--with-loglen=320 \
+ --disable-saved-ids \
+ --with%{!?with_heimdal:out}-kerb5 \
+ --with%{!?with_ldap:out}-ldap \
+ --with%{!?with_skey:out}-skey \
+ --with-long-otp-prompt
-make CFLAGS="$RPM_OPT_FLAGS"
+%{__make}
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT/{etc/pam.d,var/log}
+install -d $RPM_BUILD_ROOT{%{_sysconfdir}/{pam.d,logrotate.d},/var/{log,run/sudo}}
-make install \
- prefix=$RPM_BUILD_ROOT/usr \
- visudodir=$RPM_BUILD_ROOT%{_sbindir} \
- sysconfdir=$RPM_BUILD_ROOT/etc \
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT \
install_uid=`id -u` \
install_gid=`id -g` \
sudoers_uid=`id -u` \
sudoers_gid=`id -g`
-install sample.pam $RPM_BUILD_ROOT/etc/pam.d/sudo
-touch $RPM_BUILD_ROOT/var/log/sudo.log
+install %{SOURCE1} $RPM_BUILD_ROOT/etc/pam.d/sudo
+touch $RPM_BUILD_ROOT/var/log/sudo
+install %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/sudo
-gzip -9nf $RPM_BUILD_ROOT%{_mandir}/man{5,8}/* \
- BUGS CHANGES HISTORY README TODO TROUBLESHOOTING
+chmod -R +r $RPM_BUILD_ROOT%{_prefix}
-chmod -R +r $RPM_BUILD_ROOT/usr
+rm -f $RPM_BUILD_ROOT%{_libdir}/sudo_noexec.la
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
-%doc *.gz sample.sudoers
-%attr(0400,root,root) %verify(not md5 size mtime) %config(noreplace) /etc/sudoers
-%attr(0600,root,root) %config /etc/pam.d/sudo
-%attr(4555,root,root) %{_bindir}/sudo
-%attr(0555,root,root) %{_sbindir}/visudo
+%doc BUGS CHANGES HISTORY README TODO TROUBLESHOOTING sample.sudoers
+%attr(440,root,root) %verify(not md5 mtime size) %config(noreplace) %{_sysconfdir}/sudoers
+%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sudo
+%attr(4755,root,root) %{_bindir}/sudo
+%attr(4755,root,root) %{_bindir}/sudoedit
+%{?with_selinux:%attr(755,root,root) %{_sbindir}/sesh}
+%attr(755,root,root) %{_sbindir}/visudo
+%attr(755,root,root) %{_libdir}/sudo_noexec.so
%{_mandir}/man*/*
-%attr(0600,root,root) %ghost /var/log/sudo.log
-
-%changelog
-* Sun May 30 1999 Tomasz K³oczko <kloczek@rudy.mif.pg.gda.pl>
- [1.5.9p2-1]
-- added more rpm macros.
-
-* Wed Apr 7 1999 Tomasz K³oczko <kloczek@rudy.mif.pg.gda.pl>
- [1.5.9p1-1]
-- added gzipping %doc
-- removed man group from man pages.
-
-* Sun Nov 29 1998 Tomasz K³oczko <kloczek@rudy.mif.pg.gda.pl>
- [1.5.7p2-1]
-- added gzipping man pages,
-- changed Buildroot to /tmp/%%{name}-%%{version}-root,
-- added "not size mtime" to %verify rule for /etc/sudoers,
-- changed way passing $RPM_OPT_FLAGS,
-- rewrited %description,
-- rewrited %build and %install using new autoconf sheme,
-- added pl translation.
-
-* Tue Sep 21 1998 Ian Macdonald <ianmacd@xs4all.nl>
-- upgraded to 1.5.6p2
-- built with PAM support
-- removed SUDO_LDFLAGS="-static" from make: would no longer build with it
-
-* Wed May 6 1998 Tomasz K³oczko <kloczek@rudy.mif.pg.gda.pl>
-- %%{version} macro instead %%{PACKAGE_VERSION},
-- added -q %setup parameter,
-- added using %%{name} macro in Buildroot.
-
-* Mon Apr 27 1998 Tomasz K³oczko <kloczek@rudy.mif.pg.gda.pl>
- [1.5.4-3]
-- Buildroot changed to /tmp/sudo-%%{PACKAGE_VERSION}-root,
-- added %%{PACKAGE_VERSION} to Source url and %setup macro,
-- removed sudo-1.5.4-buildroot.patch and instead this added few parameters
- to "make install",
-- SUDO_LDFLAGS="-static" and CFLAGS="$RPM_OPT_FLAGS" is passed as make
- arguments,
-- removed COPYING from %doc (Copyright statement is in Copyright field),
-- removed from %doc *.pod and options.h and added sample.sudoers,
-- added /var/log/sudo.log as %ghost file,
-- added %verify(not md5) for /etc/sudoers (allow modify this file without
- display warning on verify with using rpm),
-- added noreplace parameter for /etc/sudoers %config file,
-- removed sudo.v1.5.4-glibc.diff because sudo compiles on glibc 2.0.7,
-- added %defattr and %attr macros in %files (allows building package from
- non-root account); %defattr requires rpm >= 2.4.99.
-
-* Fri Jan 23 1998 Ian Macdonald <ianmacd@xs4all.nl>
- [1.5.4-2]
-- glibc build was broken; added patch to fix it
-
-* Tue Nov 18 1997 Otto Hammersmith <otto@redhat.com>
-- built for glibc, no problems
-
-* Fri Apr 25 1997 Michael Fulbright <msf@redhat.com>
-- Fixed for 4.2 PowerTools
-- Still need to be pamified
-- Still need to move stmp file to /var/log
-
-* Mon Feb 17 1997 Michael Fulbright <msf@redhat.com>
-- First version for PowerCD.
+%attr(600,root,root) %ghost /var/log/sudo
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/*
+%attr(700,root,root) %dir /var/run/sudo