diff --git a/sudo-1.9.10.tar.gz b/sudo-1.9.10.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..03396b2f6bfcad9249236bce13b4a8ebec70d4db
Binary files /dev/null and b/sudo-1.9.10.tar.gz differ
diff --git a/sudo.spec b/sudo.spec
new file mode 100644
index 0000000000000000000000000000000000000000..ec4f5a8e10ea3890b7c7879ea38984a1da6d7c88
--- /dev/null
+++ b/sudo.spec
@@ -0,0 +1,230 @@
+%define anolis_release 1
+Summary: Allows restricted root access for specified users
+Name: sudo
+Version: 1.9.10
+Release: %{anolis_release}%{?dist}
+License: ISC
+URL: https://www.sudo.ws
+Source0: %{url}/dist/%{name}-%{version}.tar.gz
+Source1: sudoers
+Requires: pam
+Recommends: nano
+Recommends: %{name}-python-plugin%{?_isa} = %{version}-%{release}
+
+BuildRequires: make
+BuildRequires: pam-devel
+BuildRequires: groff
+BuildRequires: openldap-devel
+BuildRequires: flex
+BuildRequires: bison
+BuildRequires: libtool
+BuildRequires: audit-libs-devel libcap-devel
+BuildRequires: libselinux-devel
+BuildRequires: sendmail
+BuildRequires: gettext
+BuildRequires: zlib-devel
+
+%description
+Sudo (superuser do) allows a system administrator to give certain
+users (or groups of users) the ability to run some (or all) commands
+as root while logging all commands and arguments. Sudo operates on a
+per-command basis.  It is not a replacement for the shell.  Features
+include: the ability to restrict what commands a user may run on a
+per-host basis, copious logging of each command (providing a clear
+audit trail of who did what), a configurable timeout of the sudo
+command, and the ability to use the same configuration file (sudoers)
+on many different machines.
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains header files developing sudo
+plugins that use %{name}.
+
+
+%package        logsrvd
+Summary:        High-performance log server for %{name}
+Requires:       %{name} = %{version}-%{release}
+BuildRequires:  openssl-devel
+
+
+%description    logsrvd
+%{name}-logsrvd is a high-performance log server that accepts event and I/O logs from sudo.
+It can be used to implement centralized logging of sudo logs.
+
+%package        python-plugin
+Summary:        Python plugin for %{name}
+Requires:       %{name} = %{version}-%{release}
+BuildRequires:  python3-devel
+
+
+%description    python-plugin
+%{name}-python-plugin allows using sudo plugins written in Python.
+
+%prep
+%setup -q -n %{name}-%{version}
+
+%build
+# Remove bundled copy of zlib
+rm -rf zlib/
+
+%ifarch s390 s390x sparc64
+F_PIE=-fPIE
+%else
+F_PIE=-fpie
+%endif
+
+export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+
+%configure \
+        --prefix=%{_prefix} \
+        --sbindir=%{_sbindir} \
+        --libdir=%{_libdir} \
+        --docdir=%{_pkgdocdir} \
+	--enable-openssl \
+        --disable-root-mailer \
+        --disable-intercept \
+        --with-logging=syslog \
+        --with-logfac=authpriv \
+        --with-pam \
+        --with-pam-login \
+        --with-editor=%{_bindir}/nano:%{_bindir}/vim:%{_bindir}/vi \
+        --with-env-editor \
+        --with-ignore-dot \
+        --with-tty-tickets \
+        --with-ldap \
+        --with-selinux \
+        --with-passprompt="[sudo] password for %p: " \
+	--enable-python \
+	--enable-zlib=system \
+        --with-linux-audit \
+        --with-sssd
+#       --without-kerb5 \
+#       --without-kerb4
+make
+
+%check
+make check
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR="$RPM_BUILD_ROOT" install_uid=`id -u` install_gid=`id -g` sudoers_uid=`id -u` sudoers_gid=`id -g`
+
+chmod 755 $RPM_BUILD_ROOT%{_bindir}/* $RPM_BUILD_ROOT%{_sbindir}/*
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo
+install -p -d -m 700 $RPM_BUILD_ROOT/var/db/sudo/lectured
+install -p -d -m 750 $RPM_BUILD_ROOT/etc/sudoers.d
+install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers
+#add sudo to protected packages
+install -p -d -m 755 $RPM_BUILD_ROOT/etc/dnf/protected.d/
+touch sudo.conf
+echo sudo > sudo.conf
+install -p -c -m 0644 sudo.conf $RPM_BUILD_ROOT/etc/dnf/protected.d/
+rm -f sudo.conf
+
+chmod +x $RPM_BUILD_ROOT%{_libexecdir}/sudo/*.so # for stripping, reset in %%files
+
+# Don't package LICENSE as a doc
+rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/LICENSE
+
+# Remove examples; Examples can be found in man pages too.
+rm -rf $RPM_BUILD_ROOT%{_datadir}/examples/sudo
+
+#Remove all .la files
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
+# Remove sudoers.dist
+rm -f $RPM_BUILD_ROOT%{_sysconfdir}/sudoers.dist
+
+%find_lang sudo
+%find_lang sudoers
+
+cat sudo.lang sudoers.lang > sudo_all.lang
+rm sudo.lang sudoers.lang
+
+mkdir -p $RPM_BUILD_ROOT/etc/pam.d
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo << EOF
+#%%PAM-1.0
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    optional     pam_keyinit.so revoke
+session    required     pam_limits.so
+session    include      system-auth
+EOF
+
+cat > $RPM_BUILD_ROOT/etc/pam.d/sudo-i << EOF
+#%%PAM-1.0
+auth       include      sudo
+account    include      sudo
+password   include      sudo
+session    optional     pam_keyinit.so force revoke
+session    include      sudo
+EOF
+
+
+%files -f sudo_all.lang
+%defattr(-,root,root)
+%attr(0440,root,root) %config(noreplace) /etc/sudoers
+%attr(0750,root,root) %dir /etc/sudoers.d/
+%config(noreplace) /etc/pam.d/sudo
+%config(noreplace) /etc/pam.d/sudo-i
+%attr(0644,root,root) %{_tmpfilesdir}/sudo.conf
+%attr(0644,root,root) %config(noreplace) /etc/dnf/protected.d/sudo.conf
+%attr(0640,root,root) %config(noreplace) /etc/sudo.conf
+%dir /var/db/sudo
+%dir /var/db/sudo/lectured
+%attr(4111,root,root) %{_bindir}/sudo
+%{_bindir}/sudoedit
+%attr(0111,root,root) %{_bindir}/sudoreplay
+%attr(0755,root,root) %{_sbindir}/visudo
+%{_bindir}/cvtsudoers
+%dir %{_libexecdir}/sudo
+%attr(0755,root,root) %{_libexecdir}/sudo/sesh
+%attr(0644,root,root) %{_libexecdir}/sudo/sudo_noexec.so
+%attr(0644,root,root) %{_libexecdir}/sudo/sudoers.so
+%attr(0644,root,root) %{_libexecdir}/sudo/audit_json.so
+%attr(0644,root,root) %{_libexecdir}/sudo/group_file.so
+%attr(0644,root,root) %{_libexecdir}/sudo/sample_approval.so
+%attr(0644,root,root) %{_libexecdir}/sudo/system_group.so
+%attr(0644,root,root) %{_libexecdir}/sudo/libsudo_util.so.?.?.?
+%{_libexecdir}/sudo/libsudo_util.so.?
+%{_libexecdir}/sudo/libsudo_util.so
+%{_mandir}/man5/sudoers.5*
+%{_mandir}/man5/sudoers.ldap.5*
+%{_mandir}/man5/sudo.conf.5*
+%{_mandir}/man8/sudo.8*
+%{_mandir}/man8/sudoedit.8*
+%{_mandir}/man8/sudoreplay.8*
+%{_mandir}/man8/visudo.8*
+%{_mandir}/man1/cvtsudoers.1.gz
+%{_mandir}/man5/sudoers_timestamp.5.gz
+%dir %{_pkgdocdir}/
+%{_pkgdocdir}/*
+%{!?_licensedir:%global license %%doc}
+%license LICENSE.md
+%exclude %{_pkgdocdir}/ChangeLog
+
+%files devel
+%doc plugins/sample/sample_plugin.c
+%{_includedir}/sudo_plugin.h
+%{_mandir}/man8/sudo_plugin.8*
+
+%files logsrvd
+%attr(0640,root,root) %config(noreplace) /etc/sudo_logsrvd.conf
+%attr(0755,root,root) %{_sbindir}/sudo_logsrvd
+%attr(0755,root,root) %{_sbindir}/sudo_sendlog
+%{_mandir}/man5/sudo_logsrv.proto.5.gz
+%{_mandir}/man5/sudo_logsrvd.conf.5.gz
+%{_mandir}/man8/sudo_logsrvd.8.gz
+%{_mandir}/man8/sudo_sendlog.8.gz
+
+%files python-plugin
+%{_mandir}/man8/sudo_plugin_python.8.gz
+%attr(0644,root,root) %{_libexecdir}/sudo/python_plugin.so
+
+%changelog
+* Wed Mar 09 2022 Chunmei Xu <xuchunmei@linux.alibaba.com> - 1.9.10-1
+- init from usptream 1.9.10