pool/sudo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 867171 from Base:System

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/867171
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=121
This commit is contained in:
Dominique Leuenberger 2021-01-27 17:57:02 +00:00 committed by Git OBS Bridge
commit afef573fda
6 changed files with 129 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sudo-1.9.5p1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
size 4008926

BIN
sudo-1.9.5p1.tar.gz.sig
View File

Binary file not shown.

3
sudo-1.9.5p2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
size 4012277

BIN
sudo-1.9.5p2.tar.gz.sig Normal file
View File

Binary file not shown.

36
sudo.changes
View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <sflees@suse.de>
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
-------------------------------------------------------------------
Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
@ -23,7 +51,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo.
argv[0] to an arbitrary value when executing sudo. (bsc#1180687)
* Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to
@ -40,7 +68,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an
arbitrary directory. However, it _cannot_ be used to write to
an arbitrary location.
an arbitrary location. (bsc#1180684)
* Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is
enabled, a user with sudoedit permissions may be able to set the
@ -48,7 +76,7 @@ Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
On Linux kernels that support "protected symlinks", setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from
being exploited. For more information see
https://www.sudo.ws/alerts/sudoedit_selinux.html.
https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685)
* Added writability checks for sudoedit when SELinux RBAC is in use.
This makes sudoedit behavior consistent regardless of whether
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
@ -2820,5 +2848,3 @@ Wed Nov 6 00:13:26 CET 1996 - florian@suse.de
- update to version 1.5.2
- sudo has changed a lot, please check the sudo documentation

2
sudo.spec
View File

@ -22,7 +22,7 @@
%define use_usretc 1
%endif
Name: sudo
Version: 1.9.5p1
Version: 1.9.5p2
Release: 0
Summary: Execute some commands as root
License: ISC