Accepting request 213957 from Base:System

- update to 1.8.9p3
- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin
- changes since 1.8.8:
  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
    from being resolved properly on Linux systems.  Bug #630.
  * Updated config.guess, config.sub and libtool to support the ppc64le
    architecture (IBM PowerPC Little Endian).
  * Fixed a problem with gcc 4.8's handling of bit fields that could
    lead to the noexec flag being enabled even when it was not
    explicitly set.
  * Reworked sudo's main event loop to use a simple event subsystem
    using poll(2) or select(2) as the back end.
  * It is now possible to statically compile the sudoers plugin into
    the sudo binary without disabling shared library support.  The
    sudo.conf file may still be used to configure other plugins.
  * Sudo can now be compiled again with a C preprocessor that does
    not support variadic macros.
  * Visudo can now export a sudoers file in JSON format using the
    new -x flag.
  * The locale is now set correctly again for visudo and sudoreplay.
  * The plugin API has been extended to allow the plugin to exclude
    specific file descriptors from the "closefrom" range.
  * There is now a workaround for a Solaris-specific problem where
    NOEXEC was overriding traditional root DAC behavior.
  * Add user netgroup filtering for SSSD. Previously, rules for
    a netgroup were applied to all even when they did not belong
    to the specified netgroup.
  * On systems with BSD login classes, if the user specified a group
    (not a user) to run the command as, it was possible to specify
    a different login class even when the command was not run as the (forwarded request 213857 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/213957
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=61

sudo-1.8.8.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f911c1e9297fb8006deb52fa81197a8d06b9d54e70672f723c467ecae992fc9
-size 2117145

sudo-1.8.9p3.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2b1f0ec8aeb929c8430b1514cb53e2c2f882ea26cbb43426883d1cb6d22c5b7
+size 2177666

sudo-sudoers.patch

@@ -1,8 +1,8 @@
-Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
+Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
 ===================================================================
---- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.in	2012-09-18 15:56:30.000000000 +0200
-+++ sudo-1.8.6p3/plugins/sudoers/sudoers.in	2013-06-11 15:23:30.510228590 +0200
-@@ -31,37 +31,36 @@
+--- sudo-1.8.9p3.orig/plugins/sudoers/sudoers.in	2014-01-07 19:08:50.000000000 +0100
++++ sudo-1.8.9p3/plugins/sudoers/sudoers.in	2014-01-14 12:06:45.178813991 +0100
+@@ -31,37 +31,38 @@
  ##
  ## Defaults specification
  ##
@@ -32,6 +32,8 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
 +## Prevent environment variables from influencing programs in an
 +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
++## Path that will be used for every command run from sudo
++Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
 +Defaults env_reset
 +## Change env_reset to !env_reset in previous line to keep all environment variables
 +## Following list will no longer be necessary after this change
@@ -63,7 +65,7 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
  ##
  ## Runas alias specification
  ##
-@@ -77,14 +76,6 @@ root ALL=(ALL) ALL
+@@ -77,14 +78,6 @@ root ALL=(ALL) ALL
  ## Same thing without a password
  # %wheel ALL=(ALL) NOPASSWD: ALL
  
@@ -78,11 +80,11 @@ Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
  ## Read drop-in files from @sysconfdir@/sudoers.d
  ## (the '#' here does not indicate a comment)
  #includedir @sysconfdir@/sudoers.d
-Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
+Index: sudo-1.8.9p3/doc/sudoers.mdoc.in
 ===================================================================
---- sudo-1.8.6p3.orig/doc/sudoers.mdoc.in	2012-09-18 15:57:43.000000000 +0200
-+++ sudo-1.8.6p3/doc/sudoers.mdoc.in	2013-06-11 15:27:23.331273355 +0200
-@@ -1468,7 +1468,7 @@ is present in the
+--- sudo-1.8.9p3.orig/doc/sudoers.mdoc.in	2014-01-07 19:08:50.000000000 +0100
++++ sudo-1.8.9p3/doc/sudoers.mdoc.in	2014-01-14 11:46:33.718336561 +0100
+@@ -1609,7 +1609,7 @@ is present in the
  .Em env_keep
  list.
  This flag is
@@ -91,7 +93,7 @@ Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
  by default.
  .It authenticate
  If set, users must authenticate themselves via a password (or other
-@@ -1712,7 +1712,7 @@ If set,
+@@ -1910,7 +1910,7 @@ If set,
  .Nm sudo
  will insult users when they enter an incorrect password.
  This flag is
@@ -100,7 +102,7 @@ Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
  by default.
  .It log_host
  If set, the host name will be logged in the (non-syslog)
-@@ -2121,7 +2121,7 @@ database as an argument to the
+@@ -2363,7 +2363,7 @@ database as an argument to the
  .Fl u
  option.
  This flag is

sudo.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Tue Jan 14 10:49:21 UTC 2014 - vcizek@suse.com
+
+- update to 1.8.9p3
+- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin
+- changes since 1.8.8:
+  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
+    from being resolved properly on Linux systems.  Bug #630.
+  * Updated config.guess, config.sub and libtool to support the ppc64le
+    architecture (IBM PowerPC Little Endian).
+  * Fixed a problem with gcc 4.8's handling of bit fields that could
+    lead to the noexec flag being enabled even when it was not
+    explicitly set.
+  * Reworked sudo's main event loop to use a simple event subsystem
+    using poll(2) or select(2) as the back end.
+  * It is now possible to statically compile the sudoers plugin into
+    the sudo binary without disabling shared library support.  The
+    sudo.conf file may still be used to configure other plugins.
+  * Sudo can now be compiled again with a C preprocessor that does
+    not support variadic macros.
+  * Visudo can now export a sudoers file in JSON format using the
+    new -x flag.
+  * The locale is now set correctly again for visudo and sudoreplay.
+  * The plugin API has been extended to allow the plugin to exclude
+    specific file descriptors from the "closefrom" range.
+  * There is now a workaround for a Solaris-specific problem where
+    NOEXEC was overriding traditional root DAC behavior.
+  * Add user netgroup filtering for SSSD. Previously, rules for
+    a netgroup were applied to all even when they did not belong
+    to the specified netgroup.
+  * On systems with BSD login classes, if the user specified a group
+    (not a user) to run the command as, it was possible to specify
+    a different login class even when the command was not run as the
+    super user.
+  * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
+  * Fixed a bug where sudoedit would not update the original file
+    from the temporary when PAM or I/O logging is not enabled.
+  * When recycling I/O logs, the log files are now truncated properly.
+  * Fixes bugs #617, #621, #622, #623, #624, #625, #626
+
 -------------------------------------------------------------------
 Tue Oct  8 09:21:18 UTC 2013 - vcizek@suse.com
 

sudo.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           sudo
-Version:        1.8.8
+Version:        1.8.9p3
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC