Accepting request 226049 from Base:System

- update to 1.8.10p1 * Fixed a bug with netgated commands in "sudo -l command" that could cause the command to be listed even when it was explicitly denied. This only affected list mode when a command was specified. Bug #636. * It is now possible to disable network interface probing in sudo.conf by changing the value of the probe_interfaces setting. * When listing a user's privileges (sudo -l), the sudoers plugin will now prompt for the user's password even if the targetpw, rootpw or runaspw options are set. * The sudoers plugin uses a new format for its time stamp files. Bug #616. * sudo's -K option will now remove all of the user's time stamps, not just the time stamp for the current terminal. The -k option can be used to only disable time stamps for the current terminal. * If sudo was started in the background and needed to prompt for a password, it was not possible to suspend it at the password prompt * LDAP-based sudoers now uses a default search filter of (objectClass=sudoRole) for more efficient queries. The netgroup query has been modified to avoid falling below the minimum length for OpenLDAP substring indices. * The new use_netgroups sudoers option can be used to explicitly enable or disable netgroups support. For LDAP-based sudoers, netgroup support requires an expensive substring match on the server. If netgroups are not needed, this option can be disabled to reduce the load on the LDAP server. * Sudo is once again able to open the sudoers file when the group on sudoers doesn't match the expected value, so long as the file is not group writable. (forwarded request 225988 from vitezslav_cizek) OBS-URL: https://build.opensuse.org/request/show/226049 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=64
2014-03-18 15:21:18 +00:00 · 2014-03-18 15:21:18 +00:00 · 115ee49851
commit 115ee49851
parent e23062cdbd c78d53b990
4 changed files with 46 additions and 5 deletions
--- a/sudo-1.8.10p1.tar.gz
+++ b/sudo-1.8.10p1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc0426b315c6e9d470b6fdb8d6afa6d924332c1ad24c8303f6b52e81fa1f32fb
+size 2260994
--- a/sudo-1.8.9p4.tar.gz
+++ b/sudo-1.8.9p4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1943f9e9409c6542935d2e2d862c48d0d69dcf27288b294b8b537c02f52ac7a7
-size 2178544
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Fri Mar 14 14:46:59 UTC 2014 - vcizek@suse.com
+
+- update to 1.8.10p1
+  * Fixed a bug with netgated commands in "sudo -l command" that
+    could cause the command to be listed even when it was explicitly
+    denied. This only affected list mode when a command was specified.
+    Bug #636.
+  * It is now possible to disable network interface probing in sudo.conf
+    by changing the value of the probe_interfaces setting.
+  * When listing a user's privileges (sudo -l), the sudoers plugin
+    will now prompt for the user's password even if the targetpw,
+    rootpw or runaspw options are set.
+  * The sudoers plugin uses a new format for its time stamp files.
+    Bug #616.
+  * sudo's -K option will now remove all of the user's time stamps,
+    not just the time stamp for the current terminal.
+    The -k option can be used to only disable time stamps for
+    the current terminal.
+  * If sudo was started in the background and needed to prompt for a
+    password, it was not possible to suspend it at the password prompt
+  * LDAP-based sudoers now uses a default search filter of
+    (objectClass=sudoRole) for more efficient queries.
+    The netgroup query has been modified to avoid falling below the
+    minimum length for OpenLDAP substring indices.
+  * The new use_netgroups sudoers option can be used to explicitly
+    enable or disable netgroups support. For LDAP-based sudoers,
+    netgroup support requires an expensive substring match on the server.
+    If netgroups are not needed, this option can be disabled to
+    reduce the load on the LDAP server.
+  * Sudo is once again able to open the sudoers file when the group
+    on sudoers doesn't match the expected value, so long as the
+    file is not group writable.
+  * Sudo now installs an init.d script to clear the time stamp
+    directory at boot time on AIX and HP-UX systems.
+    These systems either lack /var/run or do not clear it on boot.
+  * The JSON format used by visudo -x now properly supports the
+    negation operator. In addition, the Options object is now
+    the same for both Defaults and Cmnd_Specs.
+  * Fixed parsing of the "umask" defaults setting in sudoers. Bug #632.
+
 -------------------------------------------------------------------
 Thu Jan 30 12:12:28 UTC 2014 - vcizek@suse.com

--- a/sudo.spec
+++ b/sudo.spec
@ -17,7 +17,7 @@


 Name:           sudo
-Version:        1.8.9p4
+Version:        1.8.10p1
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC
@ -99,7 +99,7 @@ export LDFLAGS="-pie"
    --with-env-editor \
    --without-secure-path \
    --with-passprompt='%%p\x27s password:' \
-    --with-timedir=%{_localstatedir}/lib/sudo \
+    --with-rundir=%{_localstatedir}/lib/sudo \
    --with-sssd
 make %{?_smp_mflags}