Accepting request 202594 from home:vitezslav_cizek:branches:Base:System

- update to 1.8.8
- drop sudo-plugins-sudoers-sssd.patch (upstream)
  * Removed a warning on PAM systems with stacked auth modules
    where the first module on the stack does not succeed.
  * Sudo, sudoreplay and visudo now support GNU-style long options.
  * The -h (--host) option may now be used to specify a host name.
    This is currently only used by the sudoers plugin in conjunction
    with the -l (--list) option.
  * Sudo's LDAP SASL support now works properly with Kerberos.
    Previously, the SASL library was unable to locate the user's
    credential cache.
  * It is now possible to set the nproc resource limit to unlimited
    via pam_limits on Linux (bug #565).
  * New "pam_service" and "pam_login_service" sudoers options
    that can be used to specify the PAM service name to use.
  * New "pam_session" and "pam_setcred" sudoers options that
    can be used to disable PAM session and credential support.
  * The sudoers plugin now properly supports UIDs and GIDs
    that are larger than 0x7fffffff on 32-bit platforms.
  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
    Defaults entries would cause an internal error.
  * If the "tty_tickets" sudoers option is enabled (the default),
    but there is no tty present, sudo will now use a ticket file
    based on the parent process ID.  This makes it possible to support
    the normal timeout behavior for the session.
  * Fixed a problem running commands that change their process
    group and then attempt to change the terminal settings when not
    running the command in a pseudo-terminal.  Previously, the process
    would receive SIGTTOU since it was effectively a background
    process.  Sudo will now grant the child the controlling tty and

OBS-URL: https://build.opensuse.org/request/show/202594
OBS-URL: https://build.opensuse.org/package/show/Base:System/sudo?expand=0&rev=63

sudo-1.8.7.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39626cf3d48c4fd5a9139a2627d42bfefac7ce47f470bdba3aeb4e3d7c49566a
-size 2027065

sudo-1.8.8.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f911c1e9297fb8006deb52fa81197a8d06b9d54e70672f723c467ecae992fc9
+size 2117145

sudo-plugins-sudoers-sssd.patch

@@ -1,11 +0,0 @@
---- sudo-1.8.7.orig/plugins/sudoers/sssd.c	2013-06-04 05:48:30.000000000 -0400
-+++ sudo-1.8.7/plugins/sudoers/sssd.c	2013-07-09 11:08:37.159369867 -0400
-@@ -826,7 +826,7 @@
- 	}
- 
-         /* check for sha-2 digest */
--	allowed_digest = sudo_ldap_extract_digest(&val, &digest);
-+	allowed_digest = sudo_sss_extract_digest(&val, &digest);
- 
- 	/* check for !command */
- 	if (*val == '!') {

sudo.changes

@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Tue Oct  8 09:21:18 UTC 2013 - vcizek@suse.com
+
+- update to 1.8.8
+- drop sudo-plugins-sudoers-sssd.patch (upstream)
+  * Removed a warning on PAM systems with stacked auth modules
+    where the first module on the stack does not succeed.
+  * Sudo, sudoreplay and visudo now support GNU-style long options.
+  * The -h (--host) option may now be used to specify a host name.
+    This is currently only used by the sudoers plugin in conjunction
+    with the -l (--list) option.
+  * Sudo's LDAP SASL support now works properly with Kerberos.
+    Previously, the SASL library was unable to locate the user's
+    credential cache.
+  * It is now possible to set the nproc resource limit to unlimited
+    via pam_limits on Linux (bug #565).
+  * New "pam_service" and "pam_login_service" sudoers options
+    that can be used to specify the PAM service name to use.
+  * New "pam_session" and "pam_setcred" sudoers options that
+    can be used to disable PAM session and credential support.
+  * The sudoers plugin now properly supports UIDs and GIDs
+    that are larger than 0x7fffffff on 32-bit platforms.
+  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
+    Defaults entries would cause an internal error.
+  * If the "tty_tickets" sudoers option is enabled (the default),
+    but there is no tty present, sudo will now use a ticket file
+    based on the parent process ID.  This makes it possible to support
+    the normal timeout behavior for the session.
+  * Fixed a problem running commands that change their process
+    group and then attempt to change the terminal settings when not
+    running the command in a pseudo-terminal.  Previously, the process
+    would receive SIGTTOU since it was effectively a background
+    process.  Sudo will now grant the child the controlling tty and
+    continue it when this happens.
+  * The "closefrom_override" sudoers option may now be used in
+    a command-specified Defaults entry (bug #610).
+  * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
+  * Root may no longer change its SELinux role without entering
+    a password.
+  * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
+    to the I/O log timing file are two greater than they should be.
+    Sudoreplay now contains a work-around to parse those files.
+
 -------------------------------------------------------------------
 Fri Jul 12 12:07:27 UTC 2013 - vcizek@suse.com
 

sudo.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sudo
-Version:        1.8.7
+Version:        1.8.8
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC
@@ -30,7 +30,6 @@ Patch0:         sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1:         sudo-sudoers.patch
 # PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
-Patch2:         sudo-plugins-sudoers-sssd.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -61,7 +60,6 @@ These header files are needed for building of sudo plugins.
 %setup -q
 %patch0 -p1 
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc