# enable tests by default %define dotests 1 # LDAP is enabled by default. %define LDAP 1 Summary: Allows restricted root access for specified users. Summary(ja): »ØÄê¥æ¡¼¥¶¤ËÀ©¸ÂÉÕ¤Îroot¸¢¸Â¤òµö²Ä¤¹¤ë Name: sudo Version: 1.8.31p1 Release: 1 Group: Applications/System License: IBM_ILA Source: http://www.sudo.ws/sudo/dist/sudo-%{version}.tar.gz Source1: IBM_ILA URL: http://www.sudo.ws Prefix: %{_prefix} %if %{LDAP} == 1 Requires: openldap >= 2.4.48-1 Requires: gettext >= 0.19.8.1 Requires: zlib >= 1.2.11-1 BuildRequires: openldap-devel >= 2.4.48-1 %endif #To fix expired password login issue Patch1: sudo-%{version}-exppasswd2-aix.patch %description Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. %description -l ja sudo (superuser do) ¤È¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬¡¢¿®ÍѤǤ­¤ë¥æ¡¼¥¶(¤Þ¤¿¤Ï¥°¥ë¡¼¥×)¤ËÂÐ ¤·¤Æ¡¢¤¤¤¯¤Ä¤«(¤â¤·¤¯¤ÏÁ´¤Æ)¤Î¥³¥Þ¥ó¥É¤ò root ¤È¤·¤Æ¼Â¹Ô¤Ç¤­¤ë¤è¤¦¡¢¤½¤Î¥³¥Þ¥ó ¥É¤Î¼Â¹ÔÍúÎò¤Î¥í¥°¤ò¤È¤ê¤Ä¤Äµö²Ä¤¹¤ë»ÅÁȤߤǤ¹¡£sudo ¤Ï¥³¥Þ¥ó¥É°ì¹Ôñ°Ì¤ÇÆ°ºî ¤·¤Þ¤¹¡£¥·¥§¥ë¤ÎÃÖ¤­´¹¤¨¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£°Ê²¼¤Îµ¡Ç½¤òÆ⢤·¤Æ¤¤¤Þ¤¹¡£¥Û¥¹¥Èñ°Ì ¤Ç¡¢¤½¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô²Äǽ¤Ê¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ëµ¡Ç½¡¢³Æ¥³¥Þ¥ó¥É¤Ë¤Ä¤¤¤Æ¤Î(郎¤Ê ¤Ë¤ò¼Â¹Ô¤·¤¿¤«¤Îº¯Àפò»Ä¤¹¤¿¤á¤Î)Ë­ÉÙ¤Ê¥í¥®¥ó¥°µ¡Ç½¡¢sudo ¥³¥Þ¥ó¥É¤Î¥¿¥¤¥à¥¢¥¦ ¥È»þ´Ö¤òÀßÄê²Äǽ¡¢Ê£¿ô¤Î¥Þ¥·¥ó¤ÇƱ°ì¤ÎÀßÄê¥Õ¥¡¥¤¥ë(sudoers)¤ò¶¦Í­¤¹¤ëµ¡Ç½¡¢¤¬ tat¢¤ê¤Þ¤¹¡£ %prep %setup -q -n sudo-%{version} %patch1 -p0 # Add license info cat $RPM_SOURCE_DIR/IBM_ILA > doc/LICENSE.new cat doc/LICENSE >> doc/LICENSE.new mv doc/LICENSE.new doc/LICENSE rm -rf /tmp/%{name}-%{version}-32bit mkdir /tmp/%{name}-%{version}-32bit mv * /tmp/%{name}-%{version}-32bit mkdir 32bit mv /tmp/%{name}-%{version}-32bit/* 32bit rm -rf /tmp/%{name}-%{version}-32bit mkdir 64bit cp -rp 32bit/* 64bit/ %build cd 64bit export CC="gcc -maix64" export OBJECT_MODE=64 export CFLAGS="$RPM_OPT_FLAGS -fstack-check" export LDFLAGS="-L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/libexec64/sudo:/opt/freeware/libexec/sudo:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib64:/usr/lib:/lib" ./configure \ --prefix=%{_prefix} \ --sbindir=%{_prefix}/sbin \ --libdir=%{_libdir}64 \ --mandir=%{_mandir} \ --libexecdir=%{_libexecdir}64 \ --with-logging=syslog \ --with-logfac=auth \ --with-pam \ --with-pam-login \ --with-env-editor \ --with-ignore-dot \ --with-aixauth \ --with-tty-tickets \ %if %{LDAP} == 1 --with-ldap \ --with-ldap-conf-file=/opt/freeware/etc/openldap/ldap.conf \ %endif make if [ "%{dotests}" == 1 ] then ( gmake -k test || true ) /usr/sbin/slibclean fi cd ../32bit export CC="gcc -maix32" export OBJECT_MODE=32 export CFLAGS="$RPM_OPT_FLAGS -fstack-check -D_LARGE_FILES" export LDFLAGS="-L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/libexec/sudo:/opt/freeware/lib:/usr/lib:/lib -Wl,-bmaxdata:0x80000000" ./configure \ --prefix=%{_prefix} \ --sbindir=%{_prefix}/sbin \ --libdir=%{_libdir} \ --mandir=%{_mandir} \ --libexecdir=%{_libexecdir} \ --with-logging=syslog \ --with-logfac=auth \ --with-pam \ --with-pam-login \ --with-env-editor \ --with-ignore-dot \ --with-aixauth \ --with-tty-tickets \ %if %{LDAP} == 1 --with-ldap \ --with-ldap-conf-file=/opt/freeware/etc/openldap/ldap.conf \ %endif make if [ "%{dotests}" == 1 ] then ( gmake -k test || true ) /usr/sbin/slibclean fi %install rm -rf $RPM_BUILD_ROOT mkdir $RPM_BUILD_ROOT cd 64bit export OBJECT_MODE=64 sed -e 's/-o $(sudoers_uid) -g $(sudoers_gid) / /g' \ -e 's/-o $(install_uid) -g $(install_gid) / /g' \ -e 's/-m 4111//' -e 's/-m 0111//' Makefile > Makefile.$$ mv Makefile.$$ Makefile CFLAGS="$RPM_OPT_FLAGS" \ make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` chmod 0755 ${RPM_BUILD_ROOT}%{_sbindir}/* /opt/freeware/bin/install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo ( cd ${RPM_BUILD_ROOT}/%{_prefix}/bin for f in $(ls -1| grep -v -e _32 -e _64) do mv $f "$f"_64 done ) ( cd ${RPM_BUILD_ROOT}/%{_prefix}/sbin for f in $(ls -1| grep -v -e _32 -e _64) do mv $f "$f"_64 done ) cd ../32bit export OBJECT_MODE=32 sed -e 's/-o $(sudoers_uid) -g $(sudoers_gid) / /g' \ -e 's/-o $(install_uid) -g $(install_gid) / /g' \ -e 's/-m 4111//' -e 's/-m 0111//' Makefile > Makefile.$$ mv Makefile.$$ Makefile CFLAGS="$RPM_OPT_FLAGS" \ make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` chmod 0755 ${RPM_BUILD_ROOT}%{_sbindir}/* /opt/freeware/bin/install -d -m 700 $RPM_BUILD_ROOT/var/run/sudo ( cd ${RPM_BUILD_ROOT}/%{_prefix}/bin for f in $(ls -1| grep -v -e _32 -e _64) do mv $f "$f"_32 ln -sf "$f"_32 $f done ) ( cd ${RPM_BUILD_ROOT}/%{_prefix}/sbin for f in $(ls -1| grep -v -e _32 -e _64) do mv $f "$f"_32 ln -sf "$f"_32 $f done ) ( cd $RPM_BUILD_ROOT for dir in bin sbin include do mkdir -p usr/$dir cd usr/$dir ln -sf ../..%{_prefix}/$dir/* . cd - done ) cd $RPM_BUILD_ROOT mkdir -p etc/rc.d/rc2.d ln -s /etc/rc.d/init.d/sudo etc/rc.d/rc2.d/S90sudo /usr/bin/strip -X32_64 ${RPM_BUILD_ROOT}%{_bindir}/* || : /usr/bin/strip -X32_64 ${RPM_BUILD_ROOT}%{_sbindir}/* || : %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,system) %doc 64bit/INSTALL 64bit/NEWS 64bit/doc/HISTORY 64bit/doc/LICENSE 64bit/README 64bit/README.LDAP 64bit/doc/TROUBLESHOOTING 64bit/doc/UPGRADE %config(noreplace) %attr(0440,root,system) /etc/sudoers %attr(0750,root,system) %dir /etc/sudoers.d %attr(0711,root,system) %dir /var/lib/sudo %attr(0711,root,system) %dir /var/lib/sudo/lectured %attr(0700,root,system) %dir /var/run/sudo %attr(4111,root,system) %{prefix}/bin/sudo %attr(4111,root,system) %{prefix}/bin/sudoreplay %attr(4111,root,system) %{prefix}/bin/sudoedit %attr(0111,root,system) %{prefix}/sbin/visudo %attr(4111,root,system) %{prefix}/bin/sudo_32 %attr(4111,root,system) %{prefix}/bin/sudoreplay_32 %attr(4111,root,system) %{prefix}/bin/sudoedit_32 %attr(0111,root,system) %{prefix}/sbin/visudo_32 %attr(4111,root,system) %{prefix}/bin/sudo_64 %attr(4111,root,system) %{prefix}/bin/sudoreplay_64 %attr(4111,root,system) %{prefix}/bin/sudoedit_64 %attr(0111,root,system) %{prefix}/sbin/visudo_64 /usr/bin/sudo /usr/bin/sudoreplay /usr/bin/sudoedit /usr/sbin/visudo /usr/bin/sudo_32 /usr/bin/sudoreplay_32 /usr/bin/sudoedit_32 /usr/sbin/visudo_32 /usr/bin/sudo_64 /usr/bin/sudoreplay_64 /usr/bin/sudoedit_64 /usr/sbin/visudo_64 %{_libexecdir}/sudo /etc/rc.d/init.d/* /etc/rc.d/rc2.d/* %{_mandir}/man5/* %{_mandir}/man8/sudo.8* %{_mandir}/man8/sudoedit.8* %{_mandir}/man8/sudoreplay.8* %{_mandir}/man8/visudo.8* %{_includedir}/* /usr/include/* %changelog * Mon May 04 2020 Baanu Tumma - 1.8.31p1 - Updated to version 1.8.31p1 * Wed Dec 04 2019 Sangamesh Mallayya 1.8.28-1 - Update to 1.8.28 which includes CVE fix CVE-2019-14287. * Thu Sep 12 2019 Sangamesh Mallayya 1.8.27-3 - Rebuild to use newer AIX authentication API. - Newer API's saves the state information and works better than - the older API's. * Fri Jun 07 2019 Ravi Hirekurabar - 1.8.27-2 - Rebuild with pam support - Rebuilt to fix expired login credentials issue * Mon Mar 18 2019 Ravi Hirekurabar - 1.8.27-1 - Updated to 1.8.27 * Tue Nov 14 2017 Ayappan P 1.8.20p2-4 - Fix rpm_share error messages due to improper symlinks * Fri Jul 14 2017 Sangamesh Mallayya 1.8.20p2-3 - Update to include CVE fixes. - Build with -fstack-check & maxdata. * Sat Jul 02 2016 Sangamesh Mallayya 1.8.15-2 - Rebuild with ldap support. * Thu Mar 17 2016 Sangamesh Mallayya 1.8.15-1 - Update to 1.8.15 * Tue Apr 7 2015 Sangamesh Mallayya 1.8.13-1 - Update to 1.8.13 * Thu Nov 11 2011 Sangamesh Mallayya 1.6.9p23 - Update to 1.6.9p23 * Fri Aug 22 2008 Garrick Trowsdale - Move BuildRequires: openldap-devel inside conditional block * Tue Jul 29 2008 Reza Arbab 1.6.9p15-2noldap - Create a non-LDAP enabled release. Build with --define 'noldap 1'. * Wed Jul 2 2008 Reza Arbab 1.6.9p15-2 - Change the order of the libpath encoded in the sudo binary. * Fri May 2 2008 Reza Arbab 1.6.9p15-1 - Update to 1.6.9p15. - Configure with-ldap and with-noexec. Require openldap. * Tue Apr 27 2004 David Clissold 1.6.7p5-2 - Make sure /etc/sudoers installs with 0440 permissions. - Thanks to Leigh Brown (leigh@solinno.co.uk) for pointing this out. * Wed May 21 2003 David Clissold 1.6.7p5-1 - New version, 1.6.7p5. (Includes earlier security fix; separate - patch no longer required). * Fri Nov 22 2002 David Clissold - Add IBM ILA license. * Wed Jul 17 2002 David Clissold - New version, 1.6.5p2. Security patch still required. * Thu Apr 25 2002 David Clissold - Security patch announced today; added. * Fri Feb 08 2002 Marc Stephenson - New version * Tue Oct 23 2001 David Clissold - No functional change. Remove unneccessary libtool use. * Thu Oct 11 2001 Marc Stephenson - Use configure with-authenticate * Fri Apr 20 2001 Marc Stephenson - Build for AIX Toolbox for Linux Distributions * Mon Mar 5 2001 Hirofumi Takeda - update to 1.6.3p7 * Thu Feb 22 2001 Hirofumi Takeda - update to 1.6.3p6 * Sat Dec 30 2000 Roger Luethi - 1.6.3p5-2: libtoolized build * Thu Sep 21 2000 Hirofumi Takeda - rewrite spec file for FHS 2.1 - updated to 1.6.3p5 o Fixed a case where a string was used after it had been freed. o Fixed a bug that prevented the -H option from working. o Fixed targetpw, rootpw, and runaspw options when used with non-passwd file authentication (PAM, etc). o When the targetpw flag is set, use the target username as part of the timestamp path. o The listpw and verifypw options had no effect. * Mon Jul 17 2000 SL Baur - alpha port * Mon Mar 27 2000 Takeshi Aihana - updated to 1.6.3 - patch pathname of libpam * Sat Mar 25 2000 Hirofumi Takeda - update to 1.6.2p3 * Fri Feb 4 2000 Hirofumi Takeda - Repackaged for TurboLinux Workstation 6.0J * Sun Jan 9 2000 Takaaki Tabuchi - be able to rebuild non-root user. * Sun Dec 19 1999 Taichi Nakamura - update to 1.6.1 * Tue Dec 14 1999 Tenkou N. Hattori - change /etc/sudoers to noreplace. * Tue Nov 30 1999 Tenkou N. Hattori - updated to 1.6 - be a NoSrc :-P * Thu Jul 22 1999 Tim Powers - updated to 1.5.9p2 for Powertools 6.1 * Wed May 12 1999 Bill Nottingham - sudo is configured with pam. There's no pam.d file. Oops. * Mon Apr 26 1999 Preston Brown - upgraded to 1.59p1 for powertools 6.0 * Tue Oct 27 1998 Preston Brown - fixed so it doesn't find /usr/bin/vi first, but instead /bin/vi (always installed) * Fri Oct 08 1998 Michael Maher - built package for 5.2 * Mon May 18 1998 Michael Maher - updated SPEC file. * Thu Jan 29 1998 Otto Hammersmith - updated to 1.5.4 * Tue Nov 18 1997 Otto Hammersmith - built for glibc, no problems * Fri Apr 25 1997 Michael Fulbright - Fixed for 4.2 PowerTools - Still need to be pamified - Still need to move stmp file to /var/log * Mon Feb 17 1997 Michael Fulbright - First version for PowerCD.