Accepting request 213957 from Base:System
- update to 1.8.9p3 - set secure_path to /usr/sbin:/usr/bin:/sbin:/bin - changes since 1.8.8: * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name from being resolved properly on Linux systems. Bug #630. * Updated config.guess, config.sub and libtool to support the ppc64le architecture (IBM PowerPC Little Endian). * Fixed a problem with gcc 4.8's handling of bit fields that could lead to the noexec flag being enabled even when it was not explicitly set. * Reworked sudo's main event loop to use a simple event subsystem using poll(2) or select(2) as the back end. * It is now possible to statically compile the sudoers plugin into the sudo binary without disabling shared library support. The sudo.conf file may still be used to configure other plugins. * Sudo can now be compiled again with a C preprocessor that does not support variadic macros. * Visudo can now export a sudoers file in JSON format using the new -x flag. * The locale is now set correctly again for visudo and sudoreplay. * The plugin API has been extended to allow the plugin to exclude specific file descriptors from the "closefrom" range. * There is now a workaround for a Solaris-specific problem where NOEXEC was overriding traditional root DAC behavior. * Add user netgroup filtering for SSSD. Previously, rules for a netgroup were applied to all even when they did not belong to the specified netgroup. * On systems with BSD login classes, if the user specified a group (not a user) to run the command as, it was possible to specify a different login class even when the command was not run as the (forwarded request 213857 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/213957 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=61
This commit is contained in:
commit
0b1c91b96f
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9f911c1e9297fb8006deb52fa81197a8d06b9d54e70672f723c467ecae992fc9
|
||||
size 2117145
|
3
sudo-1.8.9p3.tar.gz
Normal file
3
sudo-1.8.9p3.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a2b1f0ec8aeb929c8430b1514cb53e2c2f882ea26cbb43426883d1cb6d22c5b7
|
||||
size 2177666
|
@ -1,8 +1,8 @@
|
||||
Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
|
||||
Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
|
||||
===================================================================
|
||||
--- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.in 2012-09-18 15:56:30.000000000 +0200
|
||||
+++ sudo-1.8.6p3/plugins/sudoers/sudoers.in 2013-06-11 15:23:30.510228590 +0200
|
||||
@@ -31,37 +31,36 @@
|
||||
--- sudo-1.8.9p3.orig/plugins/sudoers/sudoers.in 2014-01-07 19:08:50.000000000 +0100
|
||||
+++ sudo-1.8.9p3/plugins/sudoers/sudoers.in 2014-01-14 12:06:45.178813991 +0100
|
||||
@@ -31,37 +31,38 @@
|
||||
##
|
||||
## Defaults specification
|
||||
##
|
||||
@ -32,6 +32,8 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
|
||||
+## Prevent environment variables from influencing programs in an
|
||||
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
|
||||
+Defaults always_set_home
|
||||
+## Path that will be used for every command run from sudo
|
||||
+Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
+Defaults env_reset
|
||||
+## Change env_reset to !env_reset in previous line to keep all environment variables
|
||||
+## Following list will no longer be necessary after this change
|
||||
@ -63,7 +65,7 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
|
||||
##
|
||||
## Runas alias specification
|
||||
##
|
||||
@@ -77,14 +76,6 @@ root ALL=(ALL) ALL
|
||||
@@ -77,14 +78,6 @@ root ALL=(ALL) ALL
|
||||
## Same thing without a password
|
||||
# %wheel ALL=(ALL) NOPASSWD: ALL
|
||||
|
||||
@ -78,11 +80,11 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
|
||||
## Read drop-in files from @sysconfdir@/sudoers.d
|
||||
## (the '#' here does not indicate a comment)
|
||||
#includedir @sysconfdir@/sudoers.d
|
||||
Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
|
||||
Index: sudo-1.8.9p3/doc/sudoers.mdoc.in
|
||||
===================================================================
|
||||
--- sudo-1.8.6p3.orig/doc/sudoers.mdoc.in 2012-09-18 15:57:43.000000000 +0200
|
||||
+++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2013-06-11 15:27:23.331273355 +0200
|
||||
@@ -1468,7 +1468,7 @@ is present in the
|
||||
--- sudo-1.8.9p3.orig/doc/sudoers.mdoc.in 2014-01-07 19:08:50.000000000 +0100
|
||||
+++ sudo-1.8.9p3/doc/sudoers.mdoc.in 2014-01-14 11:46:33.718336561 +0100
|
||||
@@ -1609,7 +1609,7 @@ is present in the
|
||||
.Em env_keep
|
||||
list.
|
||||
This flag is
|
||||
@ -91,7 +93,7 @@ Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
|
||||
by default.
|
||||
.It authenticate
|
||||
If set, users must authenticate themselves via a password (or other
|
||||
@@ -1712,7 +1712,7 @@ If set,
|
||||
@@ -1910,7 +1910,7 @@ If set,
|
||||
.Nm sudo
|
||||
will insult users when they enter an incorrect password.
|
||||
This flag is
|
||||
@ -100,7 +102,7 @@ Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
|
||||
by default.
|
||||
.It log_host
|
||||
If set, the host name will be logged in the (non-syslog)
|
||||
@@ -2121,7 +2121,7 @@ database as an argument to the
|
||||
@@ -2363,7 +2363,7 @@ database as an argument to the
|
||||
.Fl u
|
||||
option.
|
||||
This flag is
|
||||
|
40
sudo.changes
40
sudo.changes
@ -1,3 +1,43 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 14 10:49:21 UTC 2014 - vcizek@suse.com
|
||||
|
||||
- update to 1.8.9p3
|
||||
- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin
|
||||
- changes since 1.8.8:
|
||||
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
|
||||
from being resolved properly on Linux systems. Bug #630.
|
||||
* Updated config.guess, config.sub and libtool to support the ppc64le
|
||||
architecture (IBM PowerPC Little Endian).
|
||||
* Fixed a problem with gcc 4.8's handling of bit fields that could
|
||||
lead to the noexec flag being enabled even when it was not
|
||||
explicitly set.
|
||||
* Reworked sudo's main event loop to use a simple event subsystem
|
||||
using poll(2) or select(2) as the back end.
|
||||
* It is now possible to statically compile the sudoers plugin into
|
||||
the sudo binary without disabling shared library support. The
|
||||
sudo.conf file may still be used to configure other plugins.
|
||||
* Sudo can now be compiled again with a C preprocessor that does
|
||||
not support variadic macros.
|
||||
* Visudo can now export a sudoers file in JSON format using the
|
||||
new -x flag.
|
||||
* The locale is now set correctly again for visudo and sudoreplay.
|
||||
* The plugin API has been extended to allow the plugin to exclude
|
||||
specific file descriptors from the "closefrom" range.
|
||||
* There is now a workaround for a Solaris-specific problem where
|
||||
NOEXEC was overriding traditional root DAC behavior.
|
||||
* Add user netgroup filtering for SSSD. Previously, rules for
|
||||
a netgroup were applied to all even when they did not belong
|
||||
to the specified netgroup.
|
||||
* On systems with BSD login classes, if the user specified a group
|
||||
(not a user) to run the command as, it was possible to specify
|
||||
a different login class even when the command was not run as the
|
||||
super user.
|
||||
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
|
||||
* Fixed a bug where sudoedit would not update the original file
|
||||
from the temporary when PAM or I/O logging is not enabled.
|
||||
* When recycling I/O logs, the log files are now truncated properly.
|
||||
* Fixes bugs #617, #621, #622, #623, #624, #625, #626
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 8 09:21:18 UTC 2013 - vcizek@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package sudo
|
||||
#
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,7 +17,7 @@
|
||||
|
||||
|
||||
Name: sudo
|
||||
Version: 1.8.8
|
||||
Version: 1.8.9p3
|
||||
Release: 0
|
||||
Summary: Execute some commands as root
|
||||
License: ISC
|
||||
|
Loading…
Reference in New Issue
Block a user