Accepting request 867171 from Base:System

OBS-URL: https://build.opensuse.org/request/show/867171
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=121
Dominique Leuenberger 2021-01-27 17:57:02 +00:00 committed by Git OBS Bridge
commit afef573fda
6 changed files with 129 additions and 103 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
size 4008926

Binary file not shown.

sudo-1.9.5p2.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
size 4012277
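Review bot: The new tarball is identified here only by the LFS pointer's sha256 oid and size, so for an update that fixes CVE-2021-3156 the digest should be compared with the one upstream publishes and the accompanying sudo-1.9.5p2.tar.gz.sig checked against the upstream signing key before the request is accepted. A short line in the request stating that both checks were done would help later audits.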

sudo-1.9.5p2.tar.gz.sig Normal file

Binary file not shown.


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <sflees@suse.de>
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com> Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
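Review bot: The first line of the new entry reads "Update to 1.9.5.p2", but the tarball added in this commit is sudo-1.9.5p2.tar.gz and the spec Version is 1.9.5p2; drop the extra dot so a search for the fixed version finds this entry. The (bsc#1181090) reference is attached only to the buffer overflow item, while the sudoedit option change above it is also described as "part of the fix for CVE-2021-3156" and could carry the same reference so both halves of the fix are tracked together.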
@ -23,7 +51,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
warning, help and usage messages as well as the matching of Debug warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo. argv[0] to an arbitrary value when executing sudo. (bsc#1180687)
* Sudo now checks for failure when setting the close-on-exec flag * Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to were to, there is the possibility of a file descriptor leak to
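Review bot: Appending (bsc#1180687) to the argv[0] item edits the already published Jan 14 entry in place, and the next two hunks do the same for bsc#1180684 and bsc#1180685. The references are useful for tracking, but the new Jan 27 entry does not mention them; a line there saying that bug references were added to the previous entry would make the history edit visible to anyone reading the changelog.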
@ -40,7 +68,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
link does not exist, an error message will be displayed. The link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an race condition can be used to test for the existence of an
arbitrary directory. However, it _cannot_ be used to write to arbitrary directory. However, it _cannot_ be used to write to
an arbitrary location. an arbitrary location. (bsc#1180684)
* Fixed CVE-2021-23240, a flaw in the temporary file handling of * Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is sudoedit's SELinux RBAC support. On systems where SELinux is
enabled, a user with sudoedit permissions may be able to set the enabled, a user with sudoedit permissions may be able to set the
@ -48,7 +76,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
On Linux kernels that support "protected symlinks", setting On Linux kernels that support "protected symlinks", setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from /proc/sys/fs/protected_symlinks to 1 will prevent the bug from
being exploited. For more information see being exploited. For more information see
https://www.sudo.ws/alerts/sudoedit_selinux.html. https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685)
* Added writability checks for sudoedit when SELinux RBAC is in use. * Added writability checks for sudoedit when SELinux RBAC is in use.
This makes sudoedit behavior consistent regardless of whether This makes sudoedit behavior consistent regardless of whether
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
@ -2820,5 +2848,3 @@ Wed Nov 6 00:13:26 CET 1996 - florian@suse.de
- update to version 1.5.2 - update to version 1.5.2
- sudo has changed a lot, please check the sudo documentation - sudo has changed a lot, please check the sudo documentation


@ -22,7 +22,7 @@
%define use_usretc 1 %define use_usretc 1
%endif %endif
Name: sudo Name: sudo
Version: 1.9.5p1 Version: 1.9.5p2
Release: 0 Release: 0
Summary: Execute some commands as root Summary: Execute some commands as root
License: ISC License: ISC
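Review bot: Only the Version line changes in this hunk, while the same commit adds sudo-1.9.5p2.tar.gz.sig. Nothing in the visible lines shows that the spec lists the signature and a keyring as sources, so confirm that it does and that the new tarball is actually verified at build time rather than just shipped alongside its signature.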