Accepting request 1100258 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1100258 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=147
2023-07-25 09:22:45 +00:00 · 2023-07-25 09:22:45 +00:00 · eb88b88e35
commit eb88b88e35
parent b541b516a5 c10ea702eb
7 changed files with 95 additions and 12 deletions
--- a/sudo-1.9.13p3.tar.gz
+++ b/sudo-1.9.13p3.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:92334a12bb93e0c056b09f53e255ccb7d6f67c6350e2813cd9593ceeca78560b
-size 5100355
--- a/sudo-1.9.13p3.tar.gz.sig
+++ b/sudo-1.9.13p3.tar.gz.sig
--- a/sudo-1.9.14p1.tar.gz
+++ b/sudo-1.9.14p1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e91bf5ef2e09d857ee901c3465cf7ddb37e43c763b65d19fa0862d1dec128faf
+size 5230440
--- a/sudo-1.9.14p1.tar.gz.sig
+++ b/sudo-1.9.14p1.tar.gz.sig
--- a/sudo-sudoers.patch
+++ b/sudo-sudoers.patch
@ -1,7 +1,7 @@
-diff --git a/plugins/sudoers/sudoers.in b/plugins/sudoers/sudoers.in
-index 5efda5d..e757da4 100644
--- a/plugins/sudoers/sudoers.in
-+++ b/plugins/sudoers/sudoers.in
+Index: sudo-1.9.14p1/plugins/sudoers/sudoers.in
+===================================================================
+--- sudo-1.9.14p1.orig/plugins/sudoers/sudoers.in
+++ sudo-1.9.14p1/plugins/sudoers/sudoers.in
@@ -32,32 +32,23 @@
 ##
 ## Defaults specification
@ -50,9 +50,9 @@ index 5efda5d..e757da4 100644
 +## Use this PATH instead of the user's to find commands.
 +Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
 ##
- ## Uncomment to send mail if the user does not enter the correct password.
- # Defaults mail_badpass
-@@ -68,10 +59,16 @@
+ ## Uncomment to restore the historic behavior where a command is run in
+ ## the user's own terminal.
+@@ -72,10 +63,16 @@
 ## Set maxseq to a smaller number if you don't have unlimited disk space.
 # Defaults log_output
 # Defaults!/usr/bin/sudoreplay !log_output
@ -70,7 +70,7 @@ index 5efda5d..e757da4 100644
 ##
 ## Runas alias specification
 ##
-@@ -87,13 +84,5 @@ root ALL=(ALL:ALL) ALL
+@@ -91,13 +88,5 @@ root ALL=(ALL:ALL) ALL
 ## Same thing without a password
 # %wheel ALL=(ALL:ALL) NOPASSWD: ALL
 
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,86 @@
+-------------------------------------------------------------------
+Wed Jul 12 09:27:18 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
+
+- Update to 1.9.14p1:
+  * Fixed an invalid free bug in sudo_logsrvd that was introduced
+    in version 1.9.14 which could cause sudo_logsrvd to crash.
+  * The sudoers plugin no longer tries to send the terminal name
+    to the log server when no terminal is present.  This bug was
+    introduced in version 1.9.14.
+  * Fixed a bug where if the "intercept" or "log_subcmds" sudoers
+    option was enabled and a sub-command was run where the first
+    entry of the argument vector didn't match the command being run.
+    This resulted in commands like "sudo su -" being killed due to
+    the mismatch.  Bug #1050.
+  * The sudoers plugin now canonicalizes command path names before
+    matching (where possible).  This fixes a bug where sudo could
+    execute the wrong path if there are multiple symbolic links with
+    the same target and the same base name in sudoers that a user is
+    allowed to run.  GitHub issue #228.
+  * Improved command matching when a chroot is specified in sudoers.
+    The sudoers plugin will now change the root directory id needed
+    before performing command matching.  Previously, the root directory
+    was simply prepended to the path that was being processed.
+  * When NETGROUP_BASE is set in the ldap.conf file, sudo will now
+    perform its own netgroup lookups of the host name instead of
+    using the system innetgr(3) function.  This guarantees that user
+    and host netgroup lookups are performed using  the same LDAP
+    server (or servers).
+  * Fixed a bug introduced in sudo 1.9.13 that resulted in a missing
+    " ; " separator between environment variables and the command
+    in log entries.
+  * The visudo utility now displays a warning when it ignores a file
+    in an include dir such as /etc/sudoers.d.
+  * When running a command in a pseudo-terminal, sudo will initialize
+    the terminal settings even if it is the background process.
+    Previously, sudo only initialized the pseudo-terminal when running
+    in the foreground.  This fixes an issue where a program that
+    checks the window size would read the wrong value when sudo was
+    running in the background.
+  * Fixed a bug where only the first two digits of the TSID field
+    being was logged.  Bug #1046.
+  * The "log_pty" sudoers option is now enabled by default.  To
+    restore the historic behavior where a command is run in the
+    user's terminal, add "Defaults !use_pty" to the sudoers file.
+    GitHub issue #258.
+  * Sudo's "-b" option now works when the command is run in a
+    pseudo-terminal.
+  * When disabling core dumps, sudo now only modifies the soft limit
+    and leaves the hard limit as-is.  This avoids problems on Linux
+    when sudo does not have CAP_SYS_RESOURCE, which may be the case
+    when run inside a container.  GitHub issue #42.
+  * Sudo configuration file paths have been converted to colon-separated
+    lists of paths.  This makes it possible to have configuration
+    files on a read-only file system while still allowing for local
+    modifications in a different (writable) directory.  The new
+    --enable-adminconf configure option can be used to specify a
+    directory that is searched for configuration files in preference
+    to the sysconfdir (which is usually /etc).
+  * The "intercept_verify" sudoers option is now only applied when
+    the "intercept" option is set in sudoers.  Previously, it was
+    also applied when "log_subcmds" was enabled.
+  * The NETGROUP_QUERY ldap.conf parameter can now be disabled for
+    LDAP servers that do not support querying the nisNetgroup object
+    by its nisNetgroupTriple attribute, while still allowing sudo to
+    query the LDAP server directly to determine netgroup membership.
+  * Fixed a long-standing bug where a sudoers rule without an explicit
+    runas list allowed the user to run a command as root and any
+    group instead of just one of the groups that root is a member
+    of.  For example, a rule such as "myuser ALL = ALL" would permit
+    "sudo -u root -g othergroup" even if root did not belong to
+    "othergroup".
+  * Fixed a bug where a sudoers rule with an explicit runas list
+    allowed a user to run sudo commands as themselves.  For example,
+    a rule such as "myuser ALL = (root) ALL", "myuser" should only
+    allow commands to be run as root (optionally using one of root's
+    groups).  However, the rule also allowed the user to run
+    "sudo -u myuser -g myuser command".
+  * Fixed a bug that prevented the user from specifying a group on
+    the command line via "sudo -g" if the rule's Runas_Spec contained
+    a Runas_Alias.
+  * Sudo now requires a C compiler that conforms to ISO C99 or higher
+    to build.
+
 -------------------------------------------------------------------
 Fri Mar 31 13:05:27 UTC 2023 - Michal Koutný <mkoutny@suse.com>

--- a/sudo.spec
+++ b/sudo.spec
@ -17,7 +17,7 @@


 Name:           sudo
-Version:        1.9.13p3
+Version:        1.9.14p1
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC