bab9bb6b69
Create new directories: ceph config config-files filesystem kernel kernel/kernel-modules ldap logging strorage-drivers tools utilities virt Retire directories: connectivity core devtools support extended Delete two packages: tgt irqbalance Relocated packages: base/ dhcp initscripts libevent lighttpd linuxptp memcached net-snmp novnc ntp openssh pam procps sanlock shadow sudo systemd util-linux vim watchdog ceph/ python-cephclient config/ facter puppet-4.8.2 puppet-modules filesystem/ e2fsprogs nfs-utils nfscheck kernel/ kernel-std kernel-rt kernel/kernel-modules/ mlnx-ofa_kernel ldap/ nss-pam-ldapd openldap logging/ syslog-ng logrotate networking/ lldpd iproute mellanox python-ryu mlx4-config python/ python-2.7.5 python-django python-gunicorn python-setuptools python-smartpm python-voluptuous security/ shim-signed shim-unsigned tboot strorage-drivers/ python-3parclient python-lefthandclient virt/ cloud-init libvirt libvirt-python qemu tools/ storage-topology vm-topology utilities/ tis-extensions namespace-utils nova-utils update-motd Change-Id: I37ade764d873c701b35eac5881eb40412ba64a86 Story: 2002801 Task: 22687 Signed-off-by: Scott Little <scott.little@windriver.com>
From abc3ec24a957002962bb4038946291b84bea3859 Mon Sep 17 00:00:00 2001
From: Scott Little <scott.little@windriver.com>
Date: Mon, 2 Oct 2017 16:50:44 -0400
Subject: [PATCH 2/3] WRS: 0002-spec-include-TiS-changes.patch
---
SPECS/sudo.spec | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
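diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec
index 7d1486b..d731ba9 100644
--- a/SPECS/sudo.spec
+++ b/SPECS/sudo.spec
@@ -64,6 +64,8 @@ Patch17: sudo-1.8.19p2-get_process_ttyname.patch
 # 1459152 - CVE-2017-1000368: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
 Patch18: sudo-1.8.19p2-CVE-2017-1000368.patch
 
+# WRS patches
+
 %description
 Sudo (superuser do) allows a system administrator to give certain
 users (or groups of users) the ability to run some (or all) commands
@@ -106,6 +108,8 @@ plugins that use %{name}.
 %patch17 -p1 -b .get_process_ttyname
 %patch18 -p1 -b .CVE-2017-1000368
 
+# WRS patches
+
 %build
 autoreconf -I m4 -fv --install
 
@@ -132,7 +136,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL
 --with-ignore-dot \
 --with-tty-tickets \
 --with-ldap \
- --with-ldap-conf-file="%{_sysconfdir}/sudo-ldap.conf" \
+ --with-ldap-conf-file="%{_sysconfdir}/openldap/ldap.conf" \
 --with-selinux \
 --with-passprompt="[sudo] password for %p: " \
 --with-linux-audit \
@@ -158,6 +162,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
 install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf
 install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf
 
+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/
+install -m 644 doc/schema.OpenLDAP $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/sudo.schema
+
+install -d $RPM_BUILD_ROOT/%{_datadir}/sudo
+install -m 700 plugins/sudoers/sudoers2ldif $RPM_BUILD_ROOT/%{_datadir}/sudo/sudoers2ldif
+
 # Remove execute permission on this script so we don't pull in perl deps
 chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif
 
@@ -226,7 +236,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/visudo.8*
 %dir %{_docdir}/sudo-%{version}
 %{_docdir}/sudo-%{version}/*
-
+%{_sysconfdir}/openldap/schema/sudo.schema
+%{_datadir}/sudo/sudoers2ldif
 
 # Make sure permissions are ok even if we're updating
 %post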
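Review bot: Switching `--with-ldap-conf-file` to `%{_sysconfdir}/openldap/ldap.conf` (hunk at -132,7) makes sudo take its LDAP settings from the client file shared with every other OpenLDAP consumer, yet the %install lines in the -158,6 hunk still ship `sudo-ldap.conf` with mode 0640, which sudo will no longer read. The shared file is commonly world-readable, so a sudo bind credential (`bindpw`) placed there would lose the protection the dedicated 0640 file gave, and edits to the leftover `sudo-ldap.conf` would silently have no effect; whether `ldap.conf` permissions are tightened elsewhere is not visible in this patch. I would document the choice with a comment ahead of the configure call (it begins outside the hunk, and a comment cannot sit between the continuation lines), for example `# WRS: sudo reads /etc/openldap/ldap.conf; keep bind secrets out of it or restrict its mode`, and drop or explain the `sudo-ldap.conf` install. Separately, the added `install -m 700 ... sudoers2ldif` ships an executable copy of the script directly above the existing `chmod -x` whose comment says it avoids Perl dependencies, so it is worth confirming the new copy does not reintroduce that dependency.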
--
1.9.1