Accepting request 867021 from home:simotek:branches:Base:System

- Update to 1.9.5.p2
    * When invoked as sudoedit, the same set of command line
      options are now accepted as for sudo -e. The -H and -P
      options are now rejected for sudoedit and sudo -e which
      matches the sudo 1.7 behavior. This is part of the fix for
      CVE-2021-3156.
    * Fixed a potential buffer overflow when unescaping backslashes
      in the command's arguments. Normally, sudo escapes special
      characters when running a command via a shell (sudo -s or
      sudo -i). However, it was also possible to run sudoedit with
      the -s or -i flags in which case no escaping had actually
      been done, making a buffer overflow possible.
      This fixes CVE-2021-3156. (bsc#1181090)
    * Fixed sudo's setprogname(3) emulation on systems that don't
      provide it.
    * Fixed a problem with the sudoers log server client where a
      partial write to the server could result the sudo process
      consuming large amounts of CPU time due to a cycle in the
      buffer queue. Bug #954.
    * Added a missing dependency on libsudo_util in libsudo_eventlog.
      Fixes a link error when building sudo statically.
    * The user's KRB5CCNAME environment variable is now preserved
      when performing PAM authentication. This fixes GSSAPI
      authentication when the user has a non-default ccache.

OBS-URL: https://build.opensuse.org/request/show/867021
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=193

sudo-1.9.5p1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
-size 4008926

sudo-1.9.5p2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
+size 4012277

sudo.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <simonf.lees@suse.com>
+
+- Update to 1.9.5.p2
+    * When invoked as sudoedit, the same set of command line
+      options are now accepted as for sudo -e. The -H and -P
+      options are now rejected for sudoedit and sudo -e which
+      matches the sudo 1.7 behavior. This is part of the fix for
+      CVE-2021-3156.
+    * Fixed a potential buffer overflow when unescaping backslashes
+      in the command's arguments. Normally, sudo escapes special
+      characters when running a command via a shell (sudo -s or
+      sudo -i). However, it was also possible to run sudoedit with
+      the -s or -i flags in which case no escaping had actually
+      been done, making a buffer overflow possible.
+      This fixes CVE-2021-3156. (bsc#1181090)
+    * Fixed sudo's setprogname(3) emulation on systems that don't
+      provide it.
+    * Fixed a problem with the sudoers log server client where a
+      partial write to the server could result the sudo process
+      consuming large amounts of CPU time due to a cycle in the
+      buffer queue. Bug #954.
+    * Added a missing dependency on libsudo_util in libsudo_eventlog.
+      Fixes a link error when building sudo statically.
+    * The user's KRB5CCNAME environment variable is now preserved
+      when performing PAM authentication. This fixes GSSAPI
+      authentication when the user has a non-default ccache.
+
 -------------------------------------------------------------------
 Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
 
@@ -2820,5 +2848,3 @@ Wed Nov  6 00:13:26 CET 1996 - florian@suse.de
 - update to version 1.5.2
 
 - sudo has changed a lot, please check the sudo documentation
-
-

sudo.spec

@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:           sudo
-Version:        1.9.5p1
+Version:        1.9.5p2
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC