Accepting request 738914 from home:vitezslav_cizek:branches:Base:System

- Update to 1.8.28p1
  * The fix for Bug #869 caused "sudo -v" to prompt for a password
    when "verifypw" is set to "all" (the default) and all of the
    user's sudoers entries are marked with NOPASSWD.  Bug #901.

- Update to 1.8.28
 * Fixed CVE-2019-14287 (bsc#1153674),
   a bug where a sudo user may be able to
   run a command as root when the Runas specification explicitly
   disallows root access as long as the ALL keyword is listed first.
 * Sudo will now only set PAM_TTY to the empty string when no
   terminal is present on Solaris and Linux.  This workaround is
   only needed on those systems which may have PAM modules that
   misbehave when PAM_TTY is not set.
 * The mailerflags sudoers option now has a default value even if
   sendmail support was disabled at configure time.  Fixes a crash
   when the mailerpath sudoers option is set but mailerflags is not.
   Bug #878.
 * Sudo will now filter out last login messages on HP-UX unless
   a shell is being run via "sudo -s" or "sudo -i".  Otherwise,
   when trusted mode is enabled, these messages will be displayed
   for each command.
 * Sudo has a new -B command line option that will ring the terminal
   bell when prompting for a password.
 * Sudo no longer refuses to prompt for a password when it cannot
   determine the user's terminal as long as it can open /dev/tty.
   This allows sudo to function on systems where /proc is unavailable,
   such as when running in a chroot environment.
 * The "env_editor" sudoers flag is now on by default.  This makes
   source builds more consistent with the packages generated by

OBS-URL: https://build.opensuse.org/request/show/738914
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=156
Dirk Mueller 2019-10-28 10:04:59 +00:00 committed by Git OBS Bridge
parent 69d80cc452
commit 7c6c82c48c
7 changed files with 85 additions and 17 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7beb68b94471ef56d8a1036dbcdc09a7b58a949a68ffce48b83f837dd33e2ec0
size 3293178

Binary file not shown.

sudo-1.8.28p1.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:23ba5a84af31e3b5ded58d4be6d3f6939a495a55561fba92c6941b79a6e8b027
size 3310254
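
Review bot: the new pointer for sudo-1.8.28p1.tar.gz records only an oid and a size, and both it and sudo-1.8.28p1.tar.gz.sig are opaque in this view, so nothing here shows that the tarball matches the upstream release. Before accepting, verify the tarball against the .sig with the upstream signing key and confirm that its SHA-256 equals the oid recorded in this pointer.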

sudo-1.8.28p1.tar.gz.sig Normal file

Binary file not shown.


@ -1,7 +1,7 @@
Index: sudo-1.8.14p3/plugins/sudoers/sudoers.in Index: sudo-1.8.28/plugins/sudoers/sudoers.in
=================================================================== ===================================================================
--- sudo-1.8.14p3.orig/plugins/sudoers/sudoers.in --- sudo-1.8.28.orig/plugins/sudoers/sudoers.in 2019-10-14 17:00:02.176362373 +0200
+++ sudo-1.8.14p3/plugins/sudoers/sudoers.in +++ sudo-1.8.28/plugins/sudoers/sudoers.in 2019-10-14 17:00:04.688378325 +0200
@@ -32,30 +32,23 @@ @@ -32,30 +32,23 @@
## ##
## Defaults specification ## Defaults specification
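
Review bot: the refreshed "---" and "+++" headers for plugins/sudoers/sudoers.in now carry timestamps ("2019-10-14 17:00:02.176362373 +0200" and "2019-10-14 17:00:04.688378325 +0200") that the 1.8.14p3 headers did not have. They change on every refresh and add noise to later diffs of this patch; if the patch is maintained with quilt, refreshing with "quilt refresh --no-timestamps" keeps the headers stable.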
@ -82,20 +82,20 @@ Index: sudo-1.8.14p3/plugins/sudoers/sudoers.in
## Read drop-in files from @sysconfdir@/sudoers.d ## Read drop-in files from @sysconfdir@/sudoers.d
## (the '#' here does not indicate a comment) ## (the '#' here does not indicate a comment)
#includedir @sysconfdir@/sudoers.d #includedir @sysconfdir@/sudoers.d
Index: sudo-1.8.14p3/doc/sudoers.mdoc.in Index: sudo-1.8.28/doc/sudoers.mdoc.in
=================================================================== ===================================================================
--- sudo-1.8.14p3.orig/doc/sudoers.mdoc.in --- sudo-1.8.28.orig/doc/sudoers.mdoc.in 2019-10-14 17:00:02.176362373 +0200
+++ sudo-1.8.14p3/doc/sudoers.mdoc.in +++ sudo-1.8.28/doc/sudoers.mdoc.in 2019-10-14 17:03:30.841685660 +0200
@@ -1711,7 +1711,7 @@ is present in the @@ -1972,7 +1972,7 @@ is present in the
.Em env_keep .Em env_keep
list. list, both of which are strongly discouraged.
This flag is This flag is
-.Em off -.Em off
+.Em on +.Em on
by default. by default.
.It authenticate .It authenticate
If set, users must authenticate themselves via a password (or other If set, users must authenticate themselves via a password (or other
@@ -2027,7 +2027,7 @@ If set, @@ -2364,7 +2364,7 @@ If set,
.Nm sudo .Nm sudo
will insult users when they enter an incorrect password. will insult users when they enter an incorrect password.
This flag is This flag is
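
Review bot: at the ".Em off" to ".Em on" change in doc/sudoers.mdoc.in, the upstream context line has changed from "list." to "list, both of which are strongly discouraged.", yet the changelog records this only as "refresh sudo-sudoers.patch". Since the patch documents this flag as on by default, re-read the full 1.8.28 paragraph around it and confirm that the documented default still matches what the sudoers.in part of the patch ships.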
@ -104,7 +104,7 @@ Index: sudo-1.8.14p3/doc/sudoers.mdoc.in
by default. by default.
.It log_host .It log_host
If set, the host name will be logged in the (non-syslog) If set, the host name will be logged in the (non-syslog)
@@ -2508,7 +2508,7 @@ database as an argument to the @@ -2941,7 +2941,7 @@ database as an argument to the
.Fl u .Fl u
option. option.
This flag is This flag is


@ -1,3 +1,69 @@
-------------------------------------------------------------------
Wed Oct 16 15:08:29 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.8,28p1
* The fix for Bug #869 caused "sudo -v" to prompt for a password
when "verifypw" is set to "all" (the default) and all of the
user's sudoers entries are marked with NOPASSWD. Bug #901.
-------------------------------------------------------------------
Mon Oct 14 15:10:21 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
- Update to 1.8.28
* Fixed CVE-2019-14287 (bsc#1153674),
a bug where a sudo user may be able to
run a command as root when the Runas specification explicitly
disallows root access as long as the ALL keyword is listed first.
* Sudo will now only set PAM_TTY to the empty string when no
terminal is present on Solaris and Linux. This workaround is
only needed on those systems which may have PAM modules that
misbehave when PAM_TTY is not set.
* The mailerflags sudoers option now has a default value even if
sendmail support was disabled at configure time. Fixes a crash
when the mailerpath sudoers option is set but mailerflags is not.
Bug #878.
* Sudo will now filter out last login messages on HP-UX unless it
a shell is being run via "sudo -s" or "sudo -i". Otherwise,
when trusted mode is enabled, these messages will be displayed
for each command.
* Sudo has a new -B command line option that will ring the terminal
bell when prompting for a password.
* Sudo no longer refuses to prompt for a password when it cannot
determine the user's terminal as long as it can open /dev/tty.
This allows sudo to function on systems where /proc is unavailable,
such as when running in a chroot environment.
* The "env_editor" sudoers flag is now on by default. This makes
source builds more consistent with the packages generated by
sudo's mkpkg script.
* Fixed a bad interaction with configure's --prefix and
--disable-shared options. Bug #886.
* More verbose error message when a password is required and no terminal
is present. Bug #828.
* Command tags, such as NOPASSWD, are honored when a user tries to run a
command that is allowed by sudoers but which does not actually
exist on the file system. Bug #888.
* I/O log timing files now store signal suspend and resume information
in the form of a signal name instead of a number.
* Fixed a bug introduced in 1.8.24 that prevented sudo from honoring
the value of "ipa_hostname" from sssd.conf, if specified, when
matching the host name.
* Fixed a bug introduced in 1.8.21 that prevented the core dump
resource limit set in the pam_limits module from taking effect.
Bug #894.
* Fixed parsing of double-quoted Defaults group and netgroup bindings.
* The user ID is now used when matching sudoUser attributes in LDAP.
Previously, the user name, group name and group IDs were used
when matching but not the user ID.
* Sudo now writes PAM messages to the user's terminal, if available,
instead of the standard output or standard error. This prevents
PAM output from being intermixed with that of the command when
output is sent to a file or pipe. Bug #895.
* Sudoedit now honors the umask and umask_override settings in sudoers.
Previously, the user's umask was used as-is.
* Fixed a bug where the terminal's file context was not restored
when using SELinux RBAC. Bug #898.
- refresh sudo-sudoers.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Aug 18 08:08:52 UTC 2019 - Oliver Kurz <okurz@suse.com> Sun Aug 18 08:08:52 UTC 2019 - Oliver Kurz <okurz@suse.com>
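
Review bot: the first new entry reads "- Update to 1.8,28p1", with a comma where the version needs a dot; it should be "1.8.28p1" to match the Version tag in the spec file and the tarball name. The HP-UX item also carries the wording slip "unless it a shell is being run", which could be corrected to "unless a shell is being run" while the entry is being touched.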


@ -17,7 +17,7 @@
Name: sudo Name: sudo
Version: 1.8.27 Version: 1.8.28p1
Release: 0 Release: 0
Summary: Execute some commands as root Summary: Execute some commands as root
License: ISC License: ISC
@ -173,9 +173,10 @@ chmod 0440 %{_sysconfdir}/sudoers
%dir %{_libexecdir}/%{name} %dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/sesh %{_libexecdir}/%{name}/sesh
%{_libexecdir}/%{name}/sudo_noexec.so %{_libexecdir}/%{name}/sudo_noexec.so
%{_libexecdir}/%{name}/sudoers.so %dir %{_libexecdir}/%{name}/%{name}
%{_libexecdir}/%{name}/group_file.so %{_libexecdir}/%{name}/%{name}/sudoers.so
%{_libexecdir}/%{name}/system_group.so %{_libexecdir}/%{name}/%{name}/group_file.so
%{_libexecdir}/%{name}/%{name}/system_group.so
%{_libexecdir}/%{name}/libsudo_util.so.* %{_libexecdir}/%{name}/libsudo_util.so.*
%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name} %attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts %attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
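
Review bot: the three plugin entries move from "%{_libexecdir}/%{name}/" to "%{_libexecdir}/%{name}/%{name}/" and a new "%dir" is added for that directory, but the changelog entry lists only the upstream changes and the patch refresh. Add a changelog line explaining the new plugin directory, and check that anything referring to the old sudoers.so location (for example a Plugin line in a locally modified sudo.conf) still resolves after the upgrade.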
@ -187,6 +188,7 @@ chmod 0440 %{_sysconfdir}/sudoers
%{_includedir}/sudo_plugin.h %{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8%{?ext_man} %{_mandir}/man8/sudo_plugin.8%{?ext_man}
%attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so %attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
%{_libexecdir}/%{name}/sudo/*.la
%{_libexecdir}/%{name}/*.la %{_libexecdir}/%{name}/*.la
%files test %files test
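
Review bot: the added "%{_libexecdir}/%{name}/sudo/*.la" hardcodes "sudo", while the plugin entries in the previous hunk use "%{_libexecdir}/%{name}/%{name}/" for the same directory. Write it as "%{_libexecdir}/%{name}/%{name}/*.la" so the two stay in step.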