Commit Graph

269 Commits

Author SHA256 Message Date
Dominique Leuenberger
7c9537165f Accepting request 1068081 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1068081
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=143
2023-03-01 15:13:33 +00:00
Jason Sikes
ab630daf5c Accepting request 1068080 from home:jsikes:branches:Base:System
Update that fixes bsc1208595! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1068080
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=233
2023-02-28 01:47:49 +00:00
Dominique Leuenberger
b5593e3f2c Accepting request 1067332 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1067332
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=142
2023-02-25 18:54:25 +00:00
Jason Sikes
23d15e05f3 Accepting request 1066577 from home:jsikes:branches:Base:System
Update to 1.9.13p1! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1066577
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=231
2023-02-23 08:56:52 +00:00
Dominique Leuenberger
499550670b Accepting request 1066068 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1066068
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=141
2023-02-17 15:43:45 +00:00
Jason Sikes
bf67a396fd Accepting request 1065829 from home:jsikes:branches:Base:System
Update to 1.9.13! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1065829
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=229
2023-02-15 22:46:09 +00:00
Dominique Leuenberger
a97ce1b655 Accepting request 1060308 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1060308
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=140
2023-01-24 18:41:58 +00:00
Jason Sikes
f0df0be3cd Accepting request 1060306 from home:jsikes:branches:Base:System
Fix that addresses bsc#1207082. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/1060306
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=227
2023-01-22 22:07:43 +00:00
Dominique Leuenberger
688eb82737 Accepting request 1037191 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1037191
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=139
2022-11-23 08:47:30 +00:00
Jason Sikes
5e11511896 Accepting request 1037190 from home:jsikes:branches:Base:System
Update to sudo-1.9.12p1! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1037190
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=225
2022-11-21 22:44:26 +00:00
Dominique Leuenberger
3af64af2bc Force re-apply fix for CVE-2022-43995
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=138
2022-11-07 08:26:04 +00:00
Dominique Leuenberger
46d8b05655 https://bugzilla.suse.com/show_bug.cgi?id=1205094
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=137
2022-11-07 08:20:11 +00:00
Dominique Leuenberger
e884624d21 Accepting request 1033644 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1033644
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=136
2022-11-05 13:46:47 +00:00
Jason Sikes
a4384d0471 Accepting request 1033421 from home:jsikes:branches:Base:System
Fix for CVE-2022-43995! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1033421
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=223
2022-11-05 01:36:10 +00:00
Dominique Leuenberger
8250ad4c64 Accepting request 1032755 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1032755
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=135
2022-11-03 18:13:03 +00:00
Jason Sikes
829dc336b7 Accepting request 1032754 from home:jsikes:branches:Base:System
Changes for bsc#1203978 and PED-260! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1032754
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=221
2022-11-01 22:57:05 +00:00
Dominique Leuenberger
8228a6cd9d Accepting request 1031418 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1031418
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=134
2022-10-28 17:28:55 +00:00
Jason Sikes
4fec79beac Accepting request 1031218 from home:jsikes:branches:Base:System
Update to 1.9.12! Enjoy.

OBS-URL: https://build.opensuse.org/request/show/1031218
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=219
2022-10-26 22:34:34 +00:00
Dominique Leuenberger
30c10b12e5 Accepting request 1003396 from Base:System
OBS-URL: https://build.opensuse.org/request/show/1003396
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=133
2022-09-15 20:57:37 +00:00
Jason Sikes
80565d39fb Accepting request 1002370 from home:jsikes:branches:Base:System
Fixed bsc#1177578. It's small. No, it's 'FUN-SIZED'! Enjoy!

OBS-URL: https://build.opensuse.org/request/show/1002370
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=217
2022-09-13 23:23:53 +00:00
Dominique Leuenberger
277f190914 Accepting request 998921 from Base:System
OBS-URL: https://build.opensuse.org/request/show/998921
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=132
2022-08-25 13:32:59 +00:00
Jason Sikes
1b78263838 Accepting request 998277 from home:jsikes:branches:Base:System
Updated. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/998277
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=215
2022-08-23 23:14:55 +00:00
Dominique Leuenberger
5e7d5fb7c8 Accepting request 998274 from Base:System
OBS-URL: https://build.opensuse.org/request/show/998274
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=131
2022-08-22 09:04:54 +00:00
Jason Sikes
211bbb80cf Accepting request 993732 from home:kukuk:branches:Base:System
- Use %_pam_vendordir macro
- Fix errors around LICENSE.md (fixes building on SLE12 SP5 again)

OBS-URL: https://build.opensuse.org/request/show/993732
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=213
2022-08-20 00:48:17 +00:00
Dominique Leuenberger
db4576c51e Accepting request 964748 from Base:System
OBS-URL: https://build.opensuse.org/request/show/964748
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=130
2022-03-28 14:58:48 +00:00
Jason Sikes
188f5779d8 Accepting request 964503 from home:dirkmueller:Factory
- update to 1.9.10:
  * Added new log_passwords and passprompt_regex sudoers options. If
    log_passwords is disabled, sudo will attempt to prevent passwords from being
    logged. If sudo detects any of the regular expressions in the passprompt_regex
    list in the terminal output, sudo will log ‘*’ characters instead of the
    terminal input until a newline or carriage return is found in the input or an
    output character is received.
  * Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
    operate like the sudoers options when logging terminal input.
  * Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers
    sources.
  * Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the
    retry_interval in the [relay] section was not being recognized.
  * Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n
    option is specified. A new noninteractive_auth sudoers option has been added to
    enable PAM authentication in non-interactive mode. GitHub issue #131.
  * On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo
    (other systems) file is missing or invalid, sudo will now check file
    descriptors 0-2 to determine the user’s terminal. Bug #1020.
  * Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
  * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is
    received.
  * Fixed an issue that resulting in “problem with defaults entries” email to be
    sent if a user ran sudo when the sudoers entry in the nsswitch.conf file
    includes “sss” but no sudo provider is configured in /etc/sssd/sssd.conf.
  * Updated the warning displayed when the invoking user is not allowed to run
    sudo. If sudo has been configured to send mail on failed attempts (see the
    mail_* flags in sudoers), it will now print “This incident has been reported to
    the administrator.” If the mailto or mailerpath sudoers settings are disabled,
    the message will not be printed and no mail will be sent.

OBS-URL: https://build.opensuse.org/request/show/964503
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=211
2022-03-25 04:48:17 +00:00
Dominique Leuenberger
b64795a9b2 Accepting request 959857 from Base:System
OBS-URL: https://build.opensuse.org/request/show/959857
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=129
2022-03-08 19:31:28 +00:00
c9aee8b1e3 Accepting request 959556 from home:jsikes:branches:Base:System
Fix for bsc 1193446. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/959556
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=209
2022-03-07 11:36:16 +00:00
Dominique Leuenberger
eaece45fce Accepting request 955511 from Base:System
OBS-URL: https://build.opensuse.org/request/show/955511
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=128
2022-02-18 22:02:36 +00:00
Jason Sikes
86ffaf5f6b Accepting request 955502 from home:simotek:branches:Base:System
- Restrict use of sudo -U other -l to people who have permission
  to run commands as that user (bsc#1181703, jsc#SLE-22569)
  * feature-upstream-restrict-sudo-U-other-l.patch

OBS-URL: https://build.opensuse.org/request/show/955502
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=208
2022-02-17 01:40:01 +00:00
Dominique Leuenberger
8f8097e0ab Accepting request 950730 from Base:System
OBS-URL: https://build.opensuse.org/request/show/950730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=127
2022-02-03 22:15:48 +00:00
c1da9ded70 Accepting request 950728 from home:simotek:branches:Base:System
- Update to 1.9.9
   * Sudo can now be built with OpenSSL 3.0 without generating
     warnings about deprecated OpenSSL APIs.
   * A digest can now be specified along with the ALL command in
     the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
     this in the sudoers file but did not include corresponding
     changes for the other back-ends.
   * visudo now only warns about an undefined alias or a cycle in
     an alias once for each alias.
   * The sudoRole cn was truncated by a single character in warning
     messages. GitHub issue #115.
   * The cvtsudoers utility has new --group-file and --passwd-file
     options to use a custom passwd or group file when the
     --match-local option is also used.
   * The cvtsudoers utility can now filter or match based on a command.
   * The cvtsudoers utility can now produce output in csv
     (comma-separated value) format. This can be used to help generate
     entitlement reports.
   * Fixed a bug in sudo_logsrvd that could result in the connection
     being dropped for very long command lines.
   * Fixed a bug where sudo_logsrvd would not accept a restore point
     of zero.
   * Fixed a bug in visudo where the value of the editor setting was
     not used if it did not match the user’s EDITOR environment
     variable. This was only a problem if the env_editor setting was
     not enabled. Bug #1000.
   * Sudo now builds with the -fcf-protection compiler option and the
     -z now linker option if supported.
   * The output of sudoreplay -l now more closely matches the
     traditional sudo log format.
   * The sudo_sendlog utility will now use the full contents of the
     log.json file, if present. This makes it possible to send
     sudo-format I/O logs that use the newer log.json format to
     sudo_logsrvd without losing any information.
   * Fixed compilation of the arc4random_buf() replacement on systems
     with arc4random() but no arc4random_buf(). Bug #1008.
   * Sudo now uses its own getentropy() by default on Linux. The GNU
     libc version of getentropy() will fail on older kernels that
     don’t support the getrandom() system call.
   * It is now possible to build sudo with WolfSSL’s OpenSSL
     compatibility layer by using the --enable-wolfssl configure
     option.
   * Fixed a bug related to Daylight Saving Time when parsing
     timestamps in Generalized Time format. This affected the NOTBEFORE
     and NOTAFTER options in sudoers. Bug #1006.
   * Added the -O and -P options to visudo, which can be used to check
     or set the owner and permissions. This can be used in conjunction
     with the -c option to check that the sudoers file ownership and
     permissions are correct. Bug #1007.
   * It is now possible to set resource limits in the sudoers file
     itself. The special values default and “user” refer to the
     default system limit and invoking user limit respectively. The
     core dump size limit is now set to 0 by default unless overridden
     by the sudoers file.
   * The cvtsudoers utility can now merge multiple sudoers sources into
     a single, combined sudoers file. If there are conflicting entries,
     cvtsudoers will attempt to resolve them but manual intervention
     may be required. The merging of sudoers rules is currently fairly
     simplistic but will be improved in a future release.
   * Sudo was parsing but not applying the “deref” and “tls_reqcert”
     ldap.conf settings. This meant the options were effectively ignored
     which broke dereferencing of aliases in LDAP. Bug #1013.
   * Clarified in the sudo man page that the security policy may
     override the user’s PATH environment variable. Bug #1014.
   * When sudo is run in non-interactive mode (with the -n option), it
     will now attempt PAM authentication and only exit with an error if
     user interaction is required. This allows PAM modules that don’t
     interact with the user to succeed. Previously, sudo would not
     attempt authentication if the -n option was specified. Bug #956
     and GitHub issue #83.
   * Fixed a regression introduced in version 1.9.1 when sudo is built
     with the --with-fqdn configure option. The local host name was
     being resolved before the sudoers file was processed, making it
     impossible to disable DNS lookups by negating the fqdn sudoers
     option. Bug #1016.
   * Added support for negated sudoUser attributes in the LDAP and SSSD
     sudoers back ends. A matching sudoUser that is negated will cause
     the sudoRole containing it to be ignored.
   * Fixed a bug where the stack resource limit could be set to a value
     smaller than that of the invoking user and not be reset before the
     command was run. Bug #1016.
- sudo no longer ships schema for LDAP.
- sudo-feature-negated-LDAP-users.patch dropped, included upstream
- refreshed sudo-sudoers.patch

OBS-URL: https://build.opensuse.org/request/show/950728
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=207
2022-02-02 12:27:10 +00:00
bb99464edf Accepting request 949359 from home:simotek:branches:Base:System
- Add support in the LDAP filter for negated users, patch taken
  from upstream (jsc#20068)
  * Adds sudo-feature-negated-LDAP-users.patch

OBS-URL: https://build.opensuse.org/request/show/949359
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=206
2022-01-31 08:20:47 +00:00
Dominique Leuenberger
e1878025fc Accepting request 935849 from Base:System
- update to 1.9.8p2
  * Fixed a potential out-of-bounds read with "sudo -i" when the
    target user's shell is bash.  This is a regression introduced
    in sudo 1.9.8.  Bug #998.
  * sudo_logsrvd now only sends a log ID for first command of a session.
    There is no need to send the log ID for each sub-command.
  * Fixed a few minor memory leaks in intercept mode.
  * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
    was enabled when handling sub-commands.  A new zero-length journal
    file was created for each sub-command instead of simply using
    the existing journal file.
- update to 1.9.8p1
  * Fixed support for passing a prompt (sudo -p) or a login class
    (sudo -l) on the command line.  This is a regression introduced
    in sudo 1.9.8.  Bug #993.
  * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
    This is a regression introduced in sudo 1.9.8.  Bug #994.
  * Fixed a compilation error when the --enable-static-sudoers configure
    option was specified.  This is a regression introduced in sudo
    1.9.8 caused by a symbol clash with the intercept and log server
    protobuf functions.
  * It is now possible to transparently intercepting sub-commands
    executed by the original command run via sudo.  Intercept support
    is implemented using LD_PRELOAD (or the equivalent supported by
    the system) and so has some limitations.  The two main limitations
    are that only dynamic executables are supported and only the
    execl, execle, execlp, execv, execve, execvp, and execvpe library
    functions are currently intercepted. Its main use case is to
    support restricting privileged shells run via sudo.
    To support this, there is a new "intercept" Defaults setting and

OBS-URL: https://build.opensuse.org/request/show/935849
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=126
2021-12-08 21:08:26 +00:00
baf92a7f64 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=205 2021-12-05 19:32:13 +00:00
Jason Sikes
274646d6dc Accepting request 920883 from home:kstreitova:sudo
- update to 1.9.8p2
  * Fixed a potential out-of-bounds read with "sudo -i" when the
    target user's shell is bash.  This is a regression introduced
    in sudo 1.9.8.  Bug #998.
  * sudo_logsrvd now only sends a log ID for first command of a session.
    There is no need to send the log ID for each sub-command.
  * Fixed a few minor memory leaks in intercept mode.
  * Fixed a problem with sudo_logsrvd in relay mode if "store_first"
    was enabled when handling sub-commands.  A new zero-length journal
    file was created for each sub-command instead of simply using
    the existing journal file.
- update to 1.9.8p1
  * Fixed support for passing a prompt (sudo -p) or a login class
    (sudo -l) on the command line.  This is a regression introduced
    in sudo 1.9.8.  Bug #993.
  * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
    This is a regression introduced in sudo 1.9.8.  Bug #994.
  * Fixed a compilation error when the --enable-static-sudoers configure
    option was specified.  This is a regression introduced in sudo
    1.9.8 caused by a symbol clash with the intercept and log server
    protobuf functions.
  * It is now possible to transparently intercepting sub-commands
    executed by the original command run via sudo.  Intercept support
    is implemented using LD_PRELOAD (or the equivalent supported by
    the system) and so has some limitations.  The two main limitations
    are that only dynamic executables are supported and only the
    execl, execle, execlp, execv, execve, execvp, and execvpe library
    functions are currently intercepted. Its main use case is to
    support restricting privileged shells run via sudo.
    To support this, there is a new "intercept" Defaults setting and

OBS-URL: https://build.opensuse.org/request/show/920883
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=204
2021-09-22 14:50:58 +00:00
Jason Sikes
d4c80a2758 Accepting request 908959 from home:ykurlaev:branches:Base:System2
- Fix commented out "Defaults env_keep" in sudo-sudoers.patch

OBS-URL: https://build.opensuse.org/request/show/908959
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=203
2021-09-21 14:53:15 +00:00
Jason Sikes
8f39b9fd2e Accepting request 909589 from home:dirkmueller:Factory
- update to 1.9.7p2:
  * When formatting JSON output, octal numbers are now stored as strings, not
    numbers. The JSON spec does not actually support octal numbers with a 0
    prefix.
  * Sudo now can handle the getgroups() function returning a different number
    of groups for subsequent invocations. GitHub PR #106.
  * When loading a Python plugin, python_plugin.so now verifies that the module
    loaded matches the one we tried to load. This allows sudo to display a more
    useful error message when trying to load a plugin with a name that conflicts
    with a Python module installed in the system location.
  * Sudo no longer sets the the open files resource limit to unlimited while it
    runs. This avoids a problem where sudo's closefrom() emulation would need to
    close a very large number of descriptors on systems without a way to determine
    which ones are actually open.
  * Sudo now includes a configure check for va_copy or __va_copy and only defines
    its own version if the configure test fails.
  * Fixed a bug in sudo's utmp file handling which prevented old entries from being
    reused. As a result, the utmp (or utmpx) file was appended to unnecessarily.
  * ixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd from
    accepting TLS connections when OpenSSL is used. Bug #988.
  * Fixed an SELinux sudoedit bug when the edited temporary file could not be
    opened. The sesh helper would still be run even when there are no temporary
    files available to install.
  * The sudo_noexec.so file is now built as a module on all systems other than
    macOS. This makes it possible to use other libtool implementations such as
    slibtool. On macOS shared libraries and modules are not interchangeable and
    the version of libtool shipped with sudo must be used.

OBS-URL: https://build.opensuse.org/request/show/909589
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=202
2021-09-21 14:50:01 +00:00
Dominique Leuenberger
8175b656b8 Accepting request 912793 from Base:System
OBS-URL: https://build.opensuse.org/request/show/912793
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=125
2021-08-23 08:07:39 +00:00
Jason Sikes
6c83a9a46c Accepting request 909383 from home:czanik:branches:Base:System
- update to 1.9.7p2 
- enabled openssl support for secure central session
  recording collection (without it's clear text)
- fixed SLES12 build
 * When formatting JSON output, octal numbers are now stored as
   strings, not numbers.  The JSON spec does not actually support
   octal numbers with a '0' prefix.
 * Fixed a compilation issue on Solaris 9.
 * Sudo now can handle the getgroups() function returning a different
   number of groups for subsequent invocations.  GitHub PR #106.
 * When loading a Python plugin, python_plugin.so now verifies
   that the module loaded matches the one we tried to load.  This
   allows sudo to display a more useful error message when trying
   to load a plugin with a name that conflicts with a Python module
   installed in the system location.
 * Sudo no longer sets the the open files resource limit to "unlimited"
   while it runs.  This avoids a problem where sudo's closefrom()
   emulation would need to close a very large number of descriptors
   on systems without a way to determine which ones are actually open.
 * Sudo now includes a configure check for va_copy or __va_copy and
   only defines its own version if the configure test fails.
 * Fixed a bug in sudo's utmp file handling which prevented old
   entries from being reused.  As a result, the utmp (or utmpx)
   file was appended to unnecessarily.  GitHub PR #108.
 * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
   from accepting TLS connections when OpenSSL is used.  Bug #988.
 * Fixed an SELinux sudoedit bug when the edited temporary file
   could not be opened.  The sesh helper would still be run even
   when there are no temporary files available to install.
 * Fixed a compilation problem on FreeBSD.
 * The sudo_noexec.so file is now built as a module on all systems
   other than macOS.  This makes it possible to use other libtool
   implementations such as slibtool.  On macOS shared libraries and
   modules are not interchangeable and the version of libtool shipped
   with sudo must be used.
 * Fixed a few bugs in the getgrouplist() emulation on Solaris when
   reading from the local group file.
 * Fixed a bug in sudo_logsrvd that prevented periodic relay server
   connection retries from occurring in "store_first" mode.
 * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
   due to a crash when the group source is set to "compat" in
   /etc/nsswitch.conf.  This is probably due to a mismatch between
   include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
   HP-UX we now just cycle through groups the slow way using
   getgrent().  Bug #978.

OBS-URL: https://build.opensuse.org/request/show/909383
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=201
2021-08-17 23:42:04 +00:00
Dominique Leuenberger
d4c5802060 Accepting request 908922 from Base:System
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/908922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=124
2021-08-02 10:04:50 +00:00
3a3c58c1c7 Accepting request 905883 from home:ykurlaev:branches:Base:System
Fix LC_TIME incorrectly named LC_ATIME

OBS-URL: https://build.opensuse.org/request/show/905883
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=200
2021-07-28 14:44:04 +00:00
Dominique Leuenberger
fa6184d78b Accepting request 892573 from Base:System
- update to 1.9.7
  * The "fuzz" Makefile target now runs all the fuzzers for 8192
    passes (can be overridden via the FUZZ_RUNS variable).  This makes
    it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
    set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
  * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
    error by default when a symbol is multiply-defined.
  * Added support for determining local IPv6 addresses on systems
    that lack the getifaddrs() function.  This now works on AIX,
    HP-UX and Solaris (at least).  Bug #969.
  * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
    report a usage error.  Also, when invoked as sudoedit, sudo now
    allows a more restricted set of options that matches the usage
    statement and documentation.  GitHub issue #95.
  * Fixed a crash in sudo_sendlog when the specified certificate
    or key does not exist or is invalid.  Bug #970
  * Fixed a compilation error when sudo is configured with the
    --disable-log-client option.
  * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
    is now documented.  Bug #971.
  * Sudo now requires autoconf 2.70 or higher to regenerate the
    configure script.  Bug #972.
  * sudo_logsrvd now has a relay mode which can be used to create
    a hierarchy of log servers.  By default, when a relay server is
    defined, messages from the client are forwarded immediately to
    the relay.  However, if the "store_first" setting is enabled,
    the log will be stored locally until the command completes and
    then relayed.  Bug #965.
  * Sudo now links with OpenSSL by default if it is available unless
    the --disable-openssl configure option is used or both the

OBS-URL: https://build.opensuse.org/request/show/892573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=123
2021-05-15 21:15:47 +00:00
dcdcdf182d Accepting request 892541 from home:kstreitova:branches:Base:System
- update to 1.9.7
  * The "fuzz" Makefile target now runs all the fuzzers for 8192
    passes (can be overridden via the FUZZ_RUNS variable).  This makes
    it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
    set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
  * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
    error by default when a symbol is multiply-defined.
  * Added support for determining local IPv6 addresses on systems
    that lack the getifaddrs() function.  This now works on AIX,
    HP-UX and Solaris (at least).  Bug #969.
  * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
    report a usage error.  Also, when invoked as sudoedit, sudo now
    allows a more restricted set of options that matches the usage
    statement and documentation.  GitHub issue #95.
  * Fixed a crash in sudo_sendlog when the specified certificate
    or key does not exist or is invalid.  Bug #970
  * Fixed a compilation error when sudo is configured with the
    --disable-log-client option.
  * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
    is now documented.  Bug #971.
  * Sudo now requires autoconf 2.70 or higher to regenerate the
    configure script.  Bug #972.
  * sudo_logsrvd now has a relay mode which can be used to create
    a hierarchy of log servers.  By default, when a relay server is
    defined, messages from the client are forwarded immediately to
    the relay.  However, if the "store_first" setting is enabled,
    the log will be stored locally until the command completes and
    then relayed.  Bug #965.
  * Sudo now links with OpenSSL by default if it is available unless
    the --disable-openssl configure option is used or both the

OBS-URL: https://build.opensuse.org/request/show/892541
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=198
2021-05-12 15:43:09 +00:00
Dominique Leuenberger
a4d639a899 Accepting request 886601 from Base:System
OBS-URL: https://build.opensuse.org/request/show/886601
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=122
2021-04-22 16:03:36 +00:00
a2c551b38d Accepting request 886334 from home:dirkmueller:Factory
- update to 1.9.6p1
 * Fixed a regression introduced in sudo 1.9.6 that resulted in an
   error message instead of a usage message when sudo is run with
   no arguments.
 * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
 * Fixed a regression introduced in sudo 1.9.4 where the
   --disable-root-mailer configure option had no effect.
 * Added a --disable-leaks configure option that avoids some
   memory leaks on exit that would otherwise occur.  This is intended
   to be used with development tools that measure memory leaks.  It
   is not safe to use in production at this time.
 * Plugged some memory leaks identified by oss-fuzz and ASAN.
 * Fixed the handling of sudoOptions for an LDAP sudoRole that
   contains multiple sudoCommands.  Previously, some of the options
   would only be applied to the first sudoCommand.
 * Fixed a potential out of bounds read in the parsing of NOTBEFORE
   and NOTAFTER sudoers command options (and their LDAP equivalents).
 * The parser used for reading I/O log JSON files is now more
   resilient when processing invalid JSON.
 * Fixed typos that prevented "make uninstall" from working.
 * Fixed a regression introduced in sudo 1.9.4 where the last line
   in a sudoers file might not have a terminating NUL character
   added if no newline was present.
 * Integrated oss-fuzz and LLVM's libFuzzer with sudo.  The new
   --enable-fuzzer configure option can be combined with the
   --enable-sanitizer option to build sudo with fuzzing support.
   Multiple fuzz targets are available for fuzzing different parts
   of sudo.  Fuzzers are built and tested via "make fuzz" or as part
   of "make check" (even when sudo is not built with fuzzing support).
   Fuzzing support currently requires the LLVM clang compiler (not gcc).

OBS-URL: https://build.opensuse.org/request/show/886334
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=196
2021-04-19 08:23:29 +00:00
Dominique Leuenberger
afef573fda Accepting request 867171 from Base:System
OBS-URL: https://build.opensuse.org/request/show/867171
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=121
2021-01-27 17:57:02 +00:00
f367b20479 Accepting request 867170 from home:simotek:branches:Base:System
Add some bugzilla references used in SLE and Leap to make some bots happy

OBS-URL: https://build.opensuse.org/request/show/867170
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=194
2021-01-27 12:10:14 +00:00
706ef1b183 Accepting request 867021 from home:simotek:branches:Base:System
- Update to 1.9.5.p2
    * When invoked as sudoedit, the same set of command line
      options are now accepted as for sudo -e. The -H and -P
      options are now rejected for sudoedit and sudo -e which
      matches the sudo 1.7 behavior. This is part of the fix for
      CVE-2021-3156.
    * Fixed a potential buffer overflow when unescaping backslashes
      in the command's arguments. Normally, sudo escapes special
      characters when running a command via a shell (sudo -s or
      sudo -i). However, it was also possible to run sudoedit with
      the -s or -i flags in which case no escaping had actually
      been done, making a buffer overflow possible.
      This fixes CVE-2021-3156. (bsc#1181090)
    * Fixed sudo's setprogname(3) emulation on systems that don't
      provide it.
    * Fixed a problem with the sudoers log server client where a
      partial write to the server could result the sudo process
      consuming large amounts of CPU time due to a cycle in the
      buffer queue. Bug #954.
    * Added a missing dependency on libsudo_util in libsudo_eventlog.
      Fixes a link error when building sudo statically.
    * The user's KRB5CCNAME environment variable is now preserved
      when performing PAM authentication. This fixes GSSAPI
      authentication when the user has a non-default ccache.

OBS-URL: https://build.opensuse.org/request/show/867021
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=193
2021-01-27 06:57:42 +00:00
Dominique Leuenberger
5c0ac59b2d Accepting request 863081 from Base:System
OBS-URL: https://build.opensuse.org/request/show/863081
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=120
2021-01-18 10:27:27 +00:00