diff --git a/sudo-1.6.8p12-sudoers.diff b/sudo-1.6.8p12-sudoers.diff
index 3bdfeaf..f7eeaeb 100644
--- a/sudo-1.6.8p12-sudoers.diff
+++ b/sudo-1.6.8p12-sudoers.diff
@@ -1,22 +1,26 @@
 --- sudoers
 +++ sudoers
-@@ -13,6 +13,20 @@
+@@ -13,6 +13,24 @@
 
 # Defaults specification
 
-+# prevent environment variables from influencing programs in an
-+# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
-+# CVE-2006-0151)
++# Prevent environment variables from influencing programs in an
++# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
 +Defaults env_reset
++
 +Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS"
++# Comment out the preceding line and uncomment the following one if you need
++# to use special input methods. This may allow users to compromise the root
++# account if they are allowed to run commands without authentication.
++#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
 +
 +# In the default (unconfigured) configuration, sudo asks for the root password.
 +# This allows use of an ordinary user account for administration of a freshly
 +# installed system. When configuring sudo, delete the two
 +# following lines:
-+Defaults targetpw # ask for the password of the target user i.e. root
-+ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
++Defaults targetpw # ask for the password of the target user i.e. root
++ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
 +
 # Runas alias specification
 
diff --git a/sudo.changes b/sudo.changes
index 79084d4..08e048b 100644
--- a/sudo.changes
+++ b/sudo.changes
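Review bot: In the sudoers.diff hunk, the warning added above the commented-out `env_keep` line ties the risk to users who "run commands without authentication", but the four input-method variables would be taken from the invoking user's environment for every command run through sudo, so the exposure presumably depends on which commands a user is limited to rather than on whether a password is asked. I would word the comment as `# to use special input methods. These variables come from the invoking user's` / `# environment, so enable this only if every sudo user is trusted with full root access.` Because the alternative line repeats the whole locale list, a single opt-in line `#Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"` would keep the two lists from drifting apart, provided this sudo version accepts `+=` for list options.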
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jul 17 10:57:40 CEST 2007 - prusnak@suse.cz
+
+- added note about special input method variables into /etc/sudoers
+ (sudoers.diff) [#222728]
+
 -------------------------------------------------------------------
 Fri Jan 26 13:16:15 CET 2007 - prusnak@suse.cz
 
diff --git a/sudo.spec b/sudo.spec
index 06b395a..c6f6883 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -14,10 +14,10 @@ Name: sudo
 BuildRequires: openldap2-devel pam-devel postfix
 PreReq: coreutils
 Version: 1.6.8p12
-Release: 47
+Release: 81
 Autoreqprov: on
 Group: System/Base
-License: BSD License and BSD-like
+License: BSD 3-Clause
 URL: http://www.sudo.ws/
 Summary: Execute some commands as root
 Source0: %{name}-%{version}.tar.bz2
@@ -121,7 +121,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_prefix}/lib/sudo
 /var/run/sudo
 
-%changelog -n sudo
+%changelog
+* Tue Jul 17 2007 - prusnak@suse.cz
+- added note about special input method variables into /etc/sudoers
+ (sudoers.diff) [#222728]
 * Fri Jan 26 2007 - prusnak@suse.cz
 - packaged script sudoers2ldif
 * can be used for importing /etc/sudoers to LDAP