Accepting request 256807 from Base:System

1

OBS-URL: https://build.opensuse.org/request/show/256807
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=67

sudo-1.8.10p3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6eda135fa68163108f1c24de6975de5ddb09d75730bb62d6390bda7b04345400
-size 2262370

sudo-1.8.11p1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:44c275772595a119185336164bb76b6e08f23d38aa0fe0d6bab48812e75d6a43
+size 2402012

sudo-sudoers.patch

@@ -1,8 +1,6 @@
-Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
-===================================================================
---- sudo-1.8.9p3.orig/plugins/sudoers/sudoers.in	2014-01-07 19:08:50.000000000 +0100
-+++ sudo-1.8.9p3/plugins/sudoers/sudoers.in	2014-01-14 12:06:45.178813991 +0100
-@@ -31,37 +31,38 @@
+--- plugins/sudoers/sudoers.in	2014-09-23 12:40:15.000000000 -0400
++++ sudo-1.8.11p1/plugins/sudoers/sudoers.in	2014-10-10 20:52:15.870635442 -0400
+@@ -32,37 +32,36 @@
  ##
  ## Defaults specification
  ##
@@ -29,6 +27,7 @@ Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
 -## Uncomment to enable special input methods.  Care should be taken as
 -## this may allow users to subvert the command being run via sudo.
 -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+-##
 +## Prevent environment variables from influencing programs in an
 +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
@@ -36,36 +35,34 @@ Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
 +Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
 +Defaults env_reset
 +## Change env_reset to !env_reset in previous line to keep all environment variables
-+## Following list will no longer be necessary after this change
-+
-+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
++## Following list will no longer be nevessary after this change
++Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
 +## Comment out the preceding line and uncomment the following one if you need
-+## to use special input methods. This may allow users to compromise  the root
++## to use special input methods. This may allow users to compromise the root
 +## account if they are allowed to run commands without authentication.
-+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
++#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
 +
 +## Do not insult users when they enter an incorrect password.
 +Defaults !insults
 +
- ##
  ## Uncomment to enable logging of a command's output, except for
  ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
  # Defaults log_output
  # Defaults!/usr/bin/sudoreplay !log_output
 -# Defaults!/usr/local/bin/sudoreplay !log_output
- # Defaults!/sbin/reboot !log_output
+ # Defaults!REBOOT !log_output
  
 +## In the default (unconfigured) configuration, sudo asks for the root password.
 +## This allows use of an ordinary user account for administration of a freshly
 +## installed system. When configuring sudo, delete the two
 +## following lines:
 +Defaults targetpw   # ask for the password of the target user i.e. root
-+ALL	ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
++ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
 +
  ##
  ## Runas alias specification
  ##
-@@ -77,14 +78,6 @@ root ALL=(ALL) ALL
+@@ -78,14 +77,6 @@
  ## Same thing without a password
  # %wheel ALL=(ALL) NOPASSWD: ALL
  
@@ -80,11 +77,9 @@ Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
  ## Read drop-in files from @sysconfdir@/sudoers.d
  ## (the '#' here does not indicate a comment)
  #includedir @sysconfdir@/sudoers.d
-Index: sudo-1.8.9p3/doc/sudoers.mdoc.in
-===================================================================
---- sudo-1.8.9p3.orig/doc/sudoers.mdoc.in	2014-01-07 19:08:50.000000000 +0100
-+++ sudo-1.8.9p3/doc/sudoers.mdoc.in	2014-01-14 11:46:33.718336561 +0100
-@@ -1609,7 +1609,7 @@ is present in the
+--- doc/sudoers.mdoc.in	2014-09-23 12:40:15.000000000 -0400
++++ sudo-1.8.11p1/doc/sudoers.mdoc.in	2014-10-10 20:56:18.439618855 -0400
+@@ -1661,7 +1661,7 @@
  .Em env_keep
  list.
  This flag is
@@ -93,7 +88,7 @@ Index: sudo-1.8.9p3/doc/sudoers.mdoc.in
  by default.
  .It authenticate
  If set, users must authenticate themselves via a password (or other
-@@ -1910,7 +1910,7 @@ If set,
+@@ -1975,7 +1975,7 @@
  .Nm sudo
  will insult users when they enter an incorrect password.
  This flag is
@@ -102,7 +97,7 @@ Index: sudo-1.8.9p3/doc/sudoers.mdoc.in
  by default.
  .It log_host
  If set, the host name will be logged in the (non-syslog)
-@@ -2363,7 +2363,7 @@ database as an argument to the
+@@ -2436,7 +2436,7 @@
  .Fl u
  option.
  This flag is

sudo.changes

@@ -1,3 +1,77 @@
+-------------------------------------------------------------------
+Sat Oct 11 02:09:17 UTC 2014 - tabraham@suse.com
+
+- refresh sudo-sudoers.patch
+- update to 1.8.11p1
+  * Fixed a compilation problem on some systems when the 
+    --disable-shared-libutil configure option was specified.
+  * The user can no longer interrupt the sleep after an incorrect password on 
+    PAM systems using pam_unix. Bug #666.
+  * Fixed a compilation problem on Linux systems that do not use PAM. Bug #667.
+  * "make install" will now work with the stock GNU autotools install-sh 
+    script. Bug #669.
+  * Fixed a crash with "sudo -i" when the current working directory does not 
+    exist. Bug #670.
+  * Fixed a potential crash in the debug subsystem when logging a message 
+    larger that 1024 bytes.
+  * Fixed a "make check" failure for ttyname when stdin is closed and stdout 
+    and stderr are redirected to a different tty. Bug #643.
+  * Added BASH_FUNC_* to environment blacklist to match newer-style bash 
+    functions. 
+
+- changes from 1.8.11
+  * The sudoers plugin no longer uses setjmp/longjmp to recover from fatal 
+    errors. All errors are now propagated to the caller via return codes.
+  * When running a command in the background, sudo will now forward SIGINFO to 
+    the command (if supported).
+  * Sudo will now use the system versions of the sha2 functions from libc or 
+    libmd if available.
+  * Visudo now works correctly on GNU Hurd. Bug #647.
+  * Fixed suspend and resume of curses programs on some system when the 
+    command is not being run in a pseudo-terminal. Bug #649.
+  * Fixed a crash with LDAP-based sudoers on some systems when Kerberos was 
+    enabled.
+  * Sudo now includes optional Solaris audit support.
+  * Catalan translation for sudoers from translationproject.org.
+  * Norwegian Bokmaal translation for sudo from translationproject.org.
+  * Greek translation for sudoers from translationproject.org
+  * The sudo source tree has been reorganized to more closely resemble that of 
+    other gettext-enabled packages. 
+  * Sudo and its associated programs now link against a shared version of 
+    libsudo_util. The --disable-shared-libutil configure option may be used to 
+    force static linking if the --enable-static-sudoers option is also 
+    specified.
+  * The passwords in ldap.conf and ldap.secret may now be encoded in base64.
+  * Audit updates. SELinux role changes are now audited. For sudoedit, we now 
+    audit the actual editor being run, instead of just the sudoedit command.
+  * Fixed bugs in the man page post-processing that could cause portions of the 
+    manuals to be removed.
+  * Fixed a crash in the system_group plugin. Bug #653.
+  * Fixed sudoedit on platforms without a native version of the getprogname() 
+    function. Bug #654.
+  * Fixed compilation problems with some pre-C99 compilers.
+  * Fixed sudo's -C option which was broken in version 1.8.9.
+  * It is now possible to match an environment variable's value as well as its 
+    name using env_keep and env_check. This can be used to preserve bash 
+    functions which would otherwise be removed from the environment.
+  * New files created via sudoedit as a non-root user now have the proper 
+    group id. Bug #656.
+  * Sudoedit now works correctly in conjunction with sudo's SELinux RBAC 
+    support. Temporary files are now created with the proper security context.
+  * The sudo I/O logging plugin API has been updated. If a logging function 
+    returns an error, the command will be terminated and all of the plugin's 
+    logging functions will be disabled. If a logging function rejects the 
+    command's output it will no longer be displayed to the user's terminal.
+  * Fixed a compilation error on systems that lack openpty(), _getpty() and 
+    grantpt(). Bug #660.
+  * Fixed a hang when a sudoers source is listed more than once in a single 
+    sudoers nsswitch.conf entry.
+  * On AIX, shell scripts without a #! magic number are now passed to 
+    /usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp() 
+    function on AIX does and matches historic sudo behavior. Bug #661.
+  * Fixed a cross-compilation problem building mksiglist and mksigname. 
+    Bug #662. 
+
 -------------------------------------------------------------------
 Thu May 15 13:00:31 UTC 2014 - vcizek@suse.com
 

sudo.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sudo
-Version:        1.8.10p3
+Version:        1.8.11p1
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC
@@ -53,6 +53,7 @@ minutes by default).
 %package devel
 Summary:        Header files needed for sudo plugin development
 Group:          Development/Libraries/C and C++
+Requires:       %{name} = %{version}
 
 %description devel
 These header files are needed for building of sudo plugins.
@@ -99,11 +100,11 @@ export LDFLAGS="-pie"
     --without-secure-path \
     --with-passprompt='%%p\x27s password:' \
     --with-rundir=%{_localstatedir}/lib/sudo \
-    --with-sssd
+    --with-sssd 
 make %{?_smp_mflags}
 
 %install
-%make_install
+%make_install install_uid=`id -u` install_gid=`id -g`
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
 install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
 mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
@@ -115,7 +116,7 @@ install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
-rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la
+
 %find_lang %{name}
 %find_lang sudoers
 cat sudoers.lang >> %{name}.lang
@@ -140,7 +141,14 @@ chmod 0440 %{_sysconfdir}/sudoers
 %files -f %{name}.lang
 %defattr(-,root,root)
 %doc %{_docdir}/%{name}
-%doc %{_mandir}/man?/*
+%doc %{_mandir}/man5/sudoers.5*
+%doc %{_mandir}/man5/sudo.conf.5*
+%doc %{_mandir}/man5/sudoers.ldap.5*
+%doc %{_mandir}/man8/sudo.8*
+%doc %{_mandir}/man8/sudoedit.8*
+%doc %{_mandir}/man8/sudoreplay.8*
+%doc %{_mandir}/man8/visudo.8*
+
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
 %config %{_sysconfdir}/pam.d/sudo
@@ -152,12 +160,22 @@ chmod 0440 %{_sysconfdir}/sudoers
 %{_bindir}/sudoreplay
 %{_sbindir}/visudo
 %attr(0755,root,root) %{_sbindir}/sudoers2ldif
-%{_libexecdir}/sudo
-%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/sudo
+%dir %{_libexecdir}/%{name}
+%{_libexecdir}/%{name}/sesh
+%{_libexecdir}/%{name}/sudo_noexec.so
+%{_libexecdir}/%{name}/sudoers.so
+%{_libexecdir}/%{name}/group_file.so
+%{_libexecdir}/%{name}/system_group.so
+%{_libexecdir}/%{name}/libsudo_util.so.*
+%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
 
 %files devel
 %defattr(-,root,root)
+%doc plugins/sample/sample_plugin.c
 %{_includedir}/sudo_plugin.h
+%{_mandir}/man8/sudo_plugin.8*
+%attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
+%{_libexecdir}/%{name}/*.la
 
 %files test
 %defattr(-,root, root)