Accepting request 867021 from home:simotek:branches:Base:System

- Update to 1.9.5.p2 * When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. * Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156. (bsc#1181090) * Fixed sudo's setprogname(3) emulation on systems that don't provide it. * Fixed a problem with the sudoers log server client where a partial write to the server could result the sudo process consuming large amounts of CPU time due to a cycle in the buffer queue. Bug #954. * Added a missing dependency on libsudo_util in libsudo_eventlog. Fixes a link error when building sudo statically. * The user's KRB5CCNAME environment variable is now preserved when performing PAM authentication. This fixes GSSAPI authentication when the user has a non-default ccache. OBS-URL: https://build.opensuse.org/request/show/867021 OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=193
2021-01-27 06:57:42 +00:00 · 2021-01-27 06:57:42 +00:00 · 706ef1b183
commit 706ef1b183
parent 9eb248bcec
6 changed files with 126 additions and 100 deletions
--- a/sudo-1.9.5p1.tar.gz
+++ b/sudo-1.9.5p1.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4dddf37c22653defada299e5681e0daef54bb6f5fc950f63997bb8eb966b7882
 size 4008926
--- a/sudo-1.9.5p1.tar.gz.sig
+++ b/sudo-1.9.5p1.tar.gz.sig
--- a/sudo-1.9.5p2.tar.gz
+++ b/sudo-1.9.5p2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:539e2ef43c8a55026697fb0474ab6a925a11206b5aa58710cb42a0e1c81f0978
 size 4012277
--- a/sudo-1.9.5p2.tar.gz.sig
+++ b/sudo-1.9.5p2.tar.gz.sig
--- a/sudo.changes
+++ b/sudo.changes
@ -1,3 +1,31 @@
 -------------------------------------------------------------------
 Wed Jan 27 00:25:10 UTC 2021 - Simon Lees <simonf.lees@suse.com>
 - Update to 1.9.5.p2
    * When invoked as sudoedit, the same set of command line
      options are now accepted as for sudo -e. The -H and -P
      options are now rejected for sudoedit and sudo -e which
      matches the sudo 1.7 behavior. This is part of the fix for
      CVE-2021-3156.
    * Fixed a potential buffer overflow when unescaping backslashes
      in the command's arguments. Normally, sudo escapes special
      characters when running a command via a shell (sudo -s or
      sudo -i). However, it was also possible to run sudoedit with
      the -s or -i flags in which case no escaping had actually
      been done, making a buffer overflow possible.
      This fixes CVE-2021-3156. (bsc#1181090)
    * Fixed sudo's setprogname(3) emulation on systems that don't
      provide it.
    * Fixed a problem with the sudoers log server client where a
      partial write to the server could result the sudo process
      consuming large amounts of CPU time due to a cycle in the
      buffer queue. Bug #954.
    * Added a missing dependency on libsudo_util in libsudo_eventlog.
      Fixes a link error when building sudo statically.
    * The user's KRB5CCNAME environment variable is now preserved
      when performing PAM authentication. This fixes GSSAPI
      authentication when the user has a non-default ccache.
 -------------------------------------------------------------------
 Thu Jan 14 08:54:04 UTC 2021 - Kristyna Streitova <kstreitova@suse.com>
@ -132,7 +160,7 @@ Mon Nov 30 17:36:19 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
  * Sudo packages for macOS 11 now contain universal binaries that
    support both Intel and Apple Silicon CPUs.
  * For sudo_logsrvd, an empty value for the "pid_file" setting in
-    sudo_logsrvd.conf will now disable the process ID file. 
+    sudo_logsrvd.conf will now disable the process ID file.
 - Remove sudo-1.9.3p1-pam_xauth.patch (upstreamed)
 -------------------------------------------------------------------
@ -203,11 +231,11 @@ Fri Nov 13 21:26:58 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
  executing the command. Fixes a problem with pam_xauth which
  checks effective and real uids to get the real identity of the
  user [bsc#1174593]
- 
+
 -------------------------------------------------------------------
 Mon Sep  7 08:01:05 UTC 2020 - Marco Varlese <marco.varlese@suse.com>
- Modified the secure_path to include the other two default paths 
+- Modified the secure_path to include the other two default paths
  which are commonly available to $user. This will offer a better
  and more consistent UX.
@ -311,7 +339,7 @@ Mon May 11 08:15:17 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
    TLS certificate file is explicitly specified in sudo_logsrvd.conf
    or the default TLS certificate file exists in the file system.
    There is no change in behavior for listen_address entries
-    explicitly set in the configuration file. 
+    explicitly set in the configuration file.
 -------------------------------------------------------------------
 Thu May  7 12:14:26 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
@ -324,7 +352,7 @@ Thu May  7 12:14:26 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
    share the same ID. Debian bug #734752.
  * Sudo command line options that take a value may only be specified
    once. This is to help guard against problems caused by poorly
-    written scripts that invoke sudo with user-controlled input. Bug #924. 
+    written scripts that invoke sudo with user-controlled input. Bug #924.
 -------------------------------------------------------------------
 Wed May  6 07:37:58 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
@ -352,7 +380,7 @@ Wed May  6 07:37:58 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
 -------------------------------------------------------------------
 Fri Apr 17 17:07:06 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
- build with enable-python to support python plugins 
+- build with enable-python to support python plugins
 -------------------------------------------------------------------
 Fri Apr 17 11:51:49 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
@ -606,13 +634,13 @@ Sun Jan 13 19:26:23 UTC 2019 - seanlew@opensuse.org
    without using the -f option (#864)
  * Fixed a big introduced in 1.8.22 where utm/p/utmpx would not
    be updated when a command was run in a pseudo-tty (#865)
-  * Sudo now sets the silent flag when opening the PAM session 
+  * Sudo now sets the silent flag when opening the PAM session
    except when running a shell via sudo -s or sudo -i (#867)
 -------------------------------------------------------------------
 Sat Nov 17 09:08:54 UTC 2018 - sean@suspend.net
- Update to 1.8.26 
+- Update to 1.8.26
  * Fixed a bug in cvtsudoers when converting to JSON format
    when alias exansion is enabled
  * Sudo no longer sets the USERNAME environment variable
@ -620,20 +648,20 @@ Sat Nov 17 09:08:54 UTC 2018 - sean@suspend.net
  * Sudo now treats the LOGNAME and USER environment variables
    (as well as the LOGIN variable on AIX) as a single unit
  * Added support for OpenLDAP TLS_REQCERT setting in ldap.conf
-  * Sudo now logs when the command was suspended and resumed 
+  * Sudo now logs when the command was suspended and resumed
    in the I/O logs
-  * Sudo now prints a warning message when there is an error or 
+  * Sudo now prints a warning message when there is an error or
    end of file while reading the password instead of exiting
-  * Fixed a bug introduced in sudo 1.8.25 that prevented sudo 
+  * Fixed a bug introduced in sudo 1.8.25 that prevented sudo
    from properly setting the user's groups on AIX.
-  * The sudoers LDAP back-end now supports negated sudoRunAsUser 
+  * The sudoers LDAP back-end now supports negated sudoRunAsUser
    and sudoRunAsGroup entries
-  * Sudo now rpovides a proper error message when the "fqdn" 
+  * Sudo now rpovides a proper error message when the "fqdn"
    sudoers option is set and it is unable to resolve the local
    host name.
  * Sudo now includes sudoers LDAP schema for the on-line config
    supported by OpenLDAP
- 
+
 -------------------------------------------------------------------
 Wed Sep 19 15:40:24 UTC 2018 - kstreitova@suse.com
@ -644,30 +672,30 @@ Wed Sep 19 15:40:24 UTC 2018 - kstreitova@suse.com
 Tue Sep 18 09:38:57 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>
 - Update to 1.8.25p1
-  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on 
+  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on
-    systems that have the poll() function but not the ppoll() 
+    systems that have the poll() function but not the ppoll()
    function
 -------------------------------------------------------------------
 Wed Sep  5 09:02:35 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>
 - Update to 1.8.25
-  * I/O log timing file entries now use a monotonic timer and 
+  * I/O log timing file entries now use a monotonic timer and
    include nanosecond precision
-  * when sudo runs a command in a pseudo-tty, the slave device is 
+  * when sudo runs a command in a pseudo-tty, the slave device is
-    now closed in the main process immediately after starting the 
+    now closed in the main process immediately after starting the
    monitor process
-  * the testsudoers utility now supports querying an LDIF-format 
+  * the testsudoers utility now supports querying an LDIF-format
    policy
 -------------------------------------------------------------------
 Tue Aug 21 11:42:45 UTC 2018 - mcalabkova@suse.com
 - Update to 1.8.24
-  * random insults are now more random 
+  * random insults are now more random
-  * added SUDO_CONV_PREFER_TTY flag for conversation function to 
+  * added SUDO_CONV_PREFER_TTY flag for conversation function to
    tell sudo to try writing to /dev/tty first
-  * cvtsudoers can now parse base64-encoded attributes in LDIF 
+  * cvtsudoers can now parse base64-encoded attributes in LDIF
    files
 -------------------------------------------------------------------
@ -683,7 +711,7 @@ Wed May  2 16:19:56 UTC 2018 - michael@stroeder.com
  * new cvtsudoers utility (replaces sudoers2ldif) and converts
    between sudoers formats and perform some basic filtering.
  * removed obsolete sudoers2ldif-env.patch
-  
+
 -------------------------------------------------------------------
 Mon Apr 16 15:18:12 UTC 2018 - kstreitova@suse.com
@ -775,14 +803,14 @@ Wed Jan 24 00:44:24 UTC 2018 - avindra@opensuse.org
  * The sudoers time stamp file format is now documented in the new
    sudoers_timestamp manual.
  * Visudo will now use the SUDO_EDITOR environment variable (if
-    present) in addition to VISUAL and EDITOR. 
+    present) in addition to VISUAL and EDITOR.
 - rebase sudoers2ldif-env.patch
 - cleanup with spec-cleaner
 -------------------------------------------------------------------
 Mon Dec 11 13:38:25 UTC 2017 - kstreitova@suse.com
- remove sudoers.dist that is not needed [bsc#1071379] 
+- remove sudoers.dist that is not needed [bsc#1071379]
 -------------------------------------------------------------------
 Wed Sep 13 14:19:27 UTC 2017 - kstreitova@suse.com
@ -967,9 +995,9 @@ Major changes between sudo 1.8.20 and 1.8.19p2:
 -------------------------------------------------------------------
 Tue May 30 19:11:42 UTC 2017 - sflees@suse.de
- Fix a vulnerability in Sudo's get_process_ttyname() leading to 
+- Fix a vulnerability in Sudo's get_process_ttyname() leading to
  privlage elevation.
-  * sudo-1.8.19p2-CVE-2017-1000367.patch 
+  * sudo-1.8.19p2-CVE-2017-1000367.patch
  * CVE-2017-1000367
  * bsc#1039361
@ -986,14 +1014,14 @@ Fri Mar  3 15:30:29 UTC 2017 - kstreitova@suse.com
  * remove sudo-1.8.10p3-user_groups.patch [bsc#988014]
    * fixed in sudo 1.8.17p1
  * remove sudo-1.8.10p3_pam_groups_upstream.patch [fate#318850]
-    * fixed in sudo 1.8.17 
+    * fixed in sudo 1.8.17
  * remove sudo-1.8.10p3-CVE-2014-9680.patch [bsc#917806]
-    * fixed in sudo 1.8.12 
+    * fixed in sudo 1.8.12
 -------------------------------------------------------------------
 Tue Jan 31 16:11:17 UTC 2017 - kstreitova@suse.com
- add sudo-1.8.19p2-decrement_env_len.patch - In 
+- add sudo-1.8.19p2-decrement_env_len.patch - In
  sudo_unsetenv_nodebug(), decrement envp.env_len after removing
  the variable [bsc#981124]
 - add sudo-1.8.19p2-dont_overwrite_ret_val.patch - don't overwrite
@ -1206,7 +1234,7 @@ Sun Jun 19 14:01:44 UTC 2016 - michael@stroeder.com
 -------------------------------------------------------------------
 Mon May 23 08:22:12 UTC 2016 - egeorget@openmailbox.org
- Changing password promp to make use of sudo localized prompts. 
+- Changing password promp to make use of sudo localized prompts.
 -------------------------------------------------------------------
 Thu May 19 09:13:54 UTC 2016 - kstreitova@suse.com
@ -1285,7 +1313,7 @@ Thu Mar 17 23:32:59 UTC 2016 - michael@stroeder.com
 Fri Nov  6 11:55:17 UTC 2015 - kstreitova@suse.com
 - update to 1.8.15:
-  * Fixed a bug that prevented sudo from building outside the source 
+  * Fixed a bug that prevented sudo from building outside the source
    tree on some platforms. Bug #708.
  * Fixed the location of the sssd library in the RHEL/Centos packages.
    Bug #710.
@ -1373,7 +1401,7 @@ Thu Jul 23 10:09:08 UTC 2015 - kstreitova@suse.com
 - update to 1.8.14p3:
  * changes in 1.8.14p3
-    * Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo 
+    * Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo
      from working when no tty was present. Bug #706.
    * Fixed tty detection on newer AIX systems where dev_t is 64-bit.
  * changes in 1.8.14p2
@ -1392,7 +1420,7 @@ Thu Jul 23 10:09:08 UTC 2015 - kstreitova@suse.com
      behavior when returning an int from a function declared to
      return bool without an explicit cast.
    * Worked around a bug in Mac OS X 10.10 BSD auditing where the
-      au_preselect() fails for AUE_sudo events but succeeds for 
+      au_preselect() fails for AUE_sudo events but succeeds for
      AUE_DARWIN_sudo.
    * Fixed a hang on Linux systems with glibc when sudo is linked
      with jemalloc.
@ -1424,12 +1452,12 @@ Thu Jul 23 10:09:08 UTC 2015 - kstreitova@suse.com
    * Fixed a bug that prevented the btime entry in /proc/stat from
      being parsed on Linux.
  * update sudo-sudoers.patch
-  * remove sudo-parse_boottime_properly.patch (it's not longer needed) 
+  * remove sudo-parse_boottime_properly.patch (it's not longer needed)
 -------------------------------------------------------------------
 Wed Jul 22 18:27:35 UTC 2015 - crrodriguez@opensuse.org
- BuildRequires zlib-devel, support zlib compressed I/O logs. 
+- BuildRequires zlib-devel, support zlib compressed I/O logs.
 -------------------------------------------------------------------
 Thu May 14 12:47:49 UTC 2015 - vcizek@suse.com
@ -1530,74 +1558,74 @@ Sat Oct 11 02:09:17 UTC 2014 - tabraham@suse.com
 - refresh sudo-sudoers.patch
 - update to 1.8.11p1
-  * Fixed a compilation problem on some systems when the 
+  * Fixed a compilation problem on some systems when the
    --disable-shared-libutil configure option was specified.
-  * The user can no longer interrupt the sleep after an incorrect password on 
+  * The user can no longer interrupt the sleep after an incorrect password on
    PAM systems using pam_unix. Bug #666.
  * Fixed a compilation problem on Linux systems that do not use PAM. Bug #667.
-  * "make install" will now work with the stock GNU autotools install-sh 
+  * "make install" will now work with the stock GNU autotools install-sh
    script. Bug #669.
-  * Fixed a crash with "sudo -i" when the current working directory does not 
+  * Fixed a crash with "sudo -i" when the current working directory does not
    exist. Bug #670.
-  * Fixed a potential crash in the debug subsystem when logging a message 
+  * Fixed a potential crash in the debug subsystem when logging a message
    larger that 1024 bytes.
-  * Fixed a "make check" failure for ttyname when stdin is closed and stdout 
+  * Fixed a "make check" failure for ttyname when stdin is closed and stdout
    and stderr are redirected to a different tty. Bug #643.
-  * Added BASH_FUNC_* to environment blacklist to match newer-style bash 
+  * Added BASH_FUNC_* to environment blacklist to match newer-style bash
-    functions. 
+    functions.
 - changes from 1.8.11
-  * The sudoers plugin no longer uses setjmp/longjmp to recover from fatal 
+  * The sudoers plugin no longer uses setjmp/longjmp to recover from fatal
    errors. All errors are now propagated to the caller via return codes.
-  * When running a command in the background, sudo will now forward SIGINFO to 
+  * When running a command in the background, sudo will now forward SIGINFO to
    the command (if supported).
-  * Sudo will now use the system versions of the sha2 functions from libc or 
+  * Sudo will now use the system versions of the sha2 functions from libc or
    libmd if available.
  * Visudo now works correctly on GNU Hurd. Bug #647.
-  * Fixed suspend and resume of curses programs on some system when the 
+  * Fixed suspend and resume of curses programs on some system when the
    command is not being run in a pseudo-terminal. Bug #649.
-  * Fixed a crash with LDAP-based sudoers on some systems when Kerberos was 
+  * Fixed a crash with LDAP-based sudoers on some systems when Kerberos was
    enabled.
  * Sudo now includes optional Solaris audit support.
  * Catalan translation for sudoers from translationproject.org.
  * Norwegian Bokmaal translation for sudo from translationproject.org.
  * Greek translation for sudoers from translationproject.org
-  * The sudo source tree has been reorganized to more closely resemble that of 
+  * The sudo source tree has been reorganized to more closely resemble that of
-    other gettext-enabled packages. 
+    other gettext-enabled packages.
-  * Sudo and its associated programs now link against a shared version of 
+  * Sudo and its associated programs now link against a shared version of
-    libsudo_util. The --disable-shared-libutil configure option may be used to 
+    libsudo_util. The --disable-shared-libutil configure option may be used to
-    force static linking if the --enable-static-sudoers option is also 
+    force static linking if the --enable-static-sudoers option is also
    specified.
  * The passwords in ldap.conf and ldap.secret may now be encoded in base64.
-  * Audit updates. SELinux role changes are now audited. For sudoedit, we now 
+  * Audit updates. SELinux role changes are now audited. For sudoedit, we now
    audit the actual editor being run, instead of just the sudoedit command.
-  * Fixed bugs in the man page post-processing that could cause portions of the 
+  * Fixed bugs in the man page post-processing that could cause portions of the
    manuals to be removed.
  * Fixed a crash in the system_group plugin. Bug #653.
-  * Fixed sudoedit on platforms without a native version of the getprogname() 
+  * Fixed sudoedit on platforms without a native version of the getprogname()
    function. Bug #654.
  * Fixed compilation problems with some pre-C99 compilers.
  * Fixed sudo's -C option which was broken in version 1.8.9.
-  * It is now possible to match an environment variable's value as well as its 
+  * It is now possible to match an environment variable's value as well as its
-    name using env_keep and env_check. This can be used to preserve bash 
+    name using env_keep and env_check. This can be used to preserve bash
    functions which would otherwise be removed from the environment.
-  * New files created via sudoedit as a non-root user now have the proper 
+  * New files created via sudoedit as a non-root user now have the proper
    group id. Bug #656.
-  * Sudoedit now works correctly in conjunction with sudo's SELinux RBAC 
+  * Sudoedit now works correctly in conjunction with sudo's SELinux RBAC
    support. Temporary files are now created with the proper security context.
-  * The sudo I/O logging plugin API has been updated. If a logging function 
+  * The sudo I/O logging plugin API has been updated. If a logging function
-    returns an error, the command will be terminated and all of the plugin's 
+    returns an error, the command will be terminated and all of the plugin's
-    logging functions will be disabled. If a logging function rejects the 
+    logging functions will be disabled. If a logging function rejects the
    command's output it will no longer be displayed to the user's terminal.
-  * Fixed a compilation error on systems that lack openpty(), _getpty() and 
+  * Fixed a compilation error on systems that lack openpty(), _getpty() and
    grantpt(). Bug #660.
-  * Fixed a hang when a sudoers source is listed more than once in a single 
+  * Fixed a hang when a sudoers source is listed more than once in a single
    sudoers nsswitch.conf entry.
-  * On AIX, shell scripts without a #! magic number are now passed to 
+  * On AIX, shell scripts without a #! magic number are now passed to
-    /usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp() 
+    /usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp()
    function on AIX does and matches historic sudo behavior. Bug #661.
-  * Fixed a cross-compilation problem building mksiglist and mksigname. 
+  * Fixed a cross-compilation problem building mksiglist and mksigname.
-    Bug #662. 
+    Bug #662.
 -------------------------------------------------------------------
 Thu May 15 13:00:31 UTC 2014 - vcizek@suse.com
@ -1775,12 +1803,12 @@ Tue Jul  9 15:46:19 UTC 2013 - darin@darins.net
 -------------------------------------------------------------------
 Tue Jul  9 12:34:16 UTC 2013 - darin@darins.net
- Enable SSSD as a sudoers data source 
+- Enable SSSD as a sudoers data source
 -------------------------------------------------------------------
 Tue Jul  2 16:30:19 UTC 2013 - dmueller@suse.com
- restore accidentally dropped suse-specific patches 
+- restore accidentally dropped suse-specific patches
 -------------------------------------------------------------------
 Thu Jun 27 18:03:10 UTC 2013 - michael@stroeder.com
@ -1790,14 +1818,14 @@ Thu Jun 27 18:03:10 UTC 2013 - michael@stroeder.com
  * remove CVE-2013-1776
  * The non-Unix group plugin is now supported when sudoers data is stored in LDAP.
  * User messages are now always displayed in the user's locale, even when the
-  same message is being logged or mailed in a different locale.  
+  same message is being logged or mailed in a different locale.
  * Log files created by sudo now explicitly have the group set to group ID 0
  rather than relying on BSD group semantics (which may not be the default).
-  * A new exec_background sudoers option can be used to initially run the 
+  * A new exec_background sudoers option can be used to initially run the
-  command without read access to the terminal when running a command in a 
+  command without read access to the terminal when running a command in a
-  pseudo-tty. 
+  pseudo-tty.
  * Sudo now produces better error messages when there is an error in the sudo.conf file.
-  * Two new settings have been added to sudo.conf to give the admin better control of 
+  * Two new settings have been added to sudo.conf to give the admin better control of
  how group database queries are performed.
  * There is now a standalone sudo.conf manual page.
  * New support for specifying a SHA-2 digest along with the command in sudoers.
@ -1828,10 +1856,10 @@ Sun Nov  4 20:32:52 UTC 2012 - crrodriguez@opensuse.org
 - sudo 1.8.6p3
 * Support for using the System Security Services Daemon (SSSD) as a source of sudoers data
-* Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) 
+* Fixed a race condition that could cause sudo to receive SIGTTOU (and stop)
-  when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled. 
+  when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled.
 * The sudoers plugin now takes advantage of symbol visibility controls when supported by the compiler or linker.
-* Sending SIGTSTP directly to the sudo process will now suspend 
+* Sending SIGTSTP directly to the sudo process will now suspend
   the running command when I/O logging (and use_pty) is not enabled.
 -------------------------------------------------------------------
@ -1914,10 +1942,10 @@ Wed Jan 25 15:09:14 UTC 2012 - vcizek@suse.com
 -------------------------------------------------------------------
 Wed Jan  4 16:54:23 UTC 2012 - vcizek@suse.com
- update to sudo-1.8.3p1 
+- update to sudo-1.8.3p1
  * Fixed a crash in the monitor process on Solaris when NOPASSWD
    was specified or when authentication was disabled.
-  * Fixed matching of a Runas_Alias in the group section of a Runas_Spec. 
+  * Fixed matching of a Runas_Alias in the group section of a Runas_Spec.
 -------------------------------------------------------------------
 Wed Dec 28 06:45:07 UTC 2011 - aj@suse.de
@ -2010,7 +2038,7 @@ Thu Oct 13 00:59:49 UTC 2011 - prusnak@opensuse.org
 -------------------------------------------------------------------
 Fri May 20 12:10:45 UTC 2011 - puzel@novell.com
- update to sudo-1.8.1p2 
+- update to sudo-1.8.1p2
  - Two-character CIDR-style IPv4 netmasks are now matched
    correctly in the sudoers file.
  - A non-existent includedir is now treated the same as an empty
@ -2076,7 +2104,7 @@ Thu Mar 17 10:24:49 UTC 2011 - puzel@novell.com
  * Support for logging I/O for the command being run.
  * Sudo will now use the Linux audit system.
  + See /usr/share/doc/packages/sudo/NEWS for full list
- new configure script flags: enable-warnings, with-linux-audit, 
+- new configure script flags: enable-warnings, with-linux-audit,
  docdir, with-sendmail
 - BuildRequires += audit-devel
 - BuildRequires -= postfix
@ -2102,12 +2130,12 @@ Thu Mar 17 10:24:49 UTC 2011 - puzel@novell.com
 -------------------------------------------------------------------
 Thu Jan 27 09:18:05 UTC 2011 - cprause@novell.com
- added openldap schema file (bnc#667558) 
+- added openldap schema file (bnc#667558)
 -------------------------------------------------------------------
 Thu Jan 13 10:11:35 UTC 2011 - puzel@novell.com
- add sudo-CVE-2011-0010.patch (bnc#663881) 
+- add sudo-CVE-2011-0010.patch (bnc#663881)
 -------------------------------------------------------------------
 Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de
@ -2135,7 +2163,7 @@ Tue Jun 15 21:23:02 UTC 2010 - pascal.bleser@opensuse.org
 -------------------------------------------------------------------
 Wed Jun  2 10:32:42 UTC 2010 - puzel@novell.com
- add sudo-CVE-2010-1646.patch (bnc#594738) 
+- add sudo-CVE-2010-1646.patch (bnc#594738)
 -------------------------------------------------------------------
 Tue May 18 15:52:10 UTC 2010 - puzel@novell.com
@ -2433,10 +2461,10 @@ Tue Oct 30 12:17:37 CET 2007 - prusnak@suse.cz
 Wed Oct 10 11:45:19 CEST 2007 - prusnak@suse.cz
 - update to 1.6.9p6
-  * worked around bugs in the session support of some PAM 
+  * worked around bugs in the session support of some PAM
    implementations
  * the full tty path is now passed to PAM as well
-  * sudo now only prints the password prompt if the process is in 
+  * sudo now only prints the password prompt if the process is in
    the foreground
  * inttypes.h is now included when appropriate if it is present
  * simplified alias allocation in the parser
@ -2627,7 +2655,7 @@ Wed Dec 21 19:55:27 CET 2005 - mjancar@suse.cz
 -------------------------------------------------------------------
 Fri Dec  9 10:01:27 CET 2005 - ro@suse.de
- disabled selinux 
+- disabled selinux
 -------------------------------------------------------------------
 Tue Aug  2 20:42:18 CEST 2005 - mjancar@suse.cz
@ -2642,7 +2670,7 @@ Mon Jun 20 11:50:45 CEST 2005 - anicka@suse.cz
 -------------------------------------------------------------------
 Mon Feb 28 15:30:42 CET 2005 - ro@suse.de
- update to 1.6.8p7 
+- update to 1.6.8p7
 -------------------------------------------------------------------
 Mon Nov 15 14:58:45 CET 2004 - kukuk@suse.de
@ -2773,12 +2801,12 @@ Wed Aug 15 16:17:35 CEST 2001 - pmladek@suse.cz
 -------------------------------------------------------------------
 Tue Aug 14 18:05:55 CEST 2001 - ro@suse.de
- Don't use absolute paths to PAM modules in PAM config files 
+- Don't use absolute paths to PAM modules in PAM config files
 -------------------------------------------------------------------
 Tue Feb 27 11:17:10 CET 2001 - pblaha@suse.cz
- update on 1.6.3p6 for fix potential security problems 
+- update on 1.6.3p6 for fix potential security problems
 -------------------------------------------------------------------
 Mon Jun 26 17:39:24 CEST 2000 - schwab@suse.de
@ -2820,5 +2848,3 @@ Wed Nov  6 00:13:26 CET 1996 - florian@suse.de
 - update to version 1.5.2
 - sudo has changed a lot, please check the sudo documentation
--- a/sudo.spec
+++ b/sudo.spec
@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:           sudo
-Version:        1.9.5p1
+Version:        1.9.5p2
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC