Accepting request 1304809 from Base:System

OBS-URL: https://build.opensuse.org/request/show/1304809
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sudo?expand=0&rev=155

sudo-1.9.17p2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a38a1ab3adb1199257edc2a7c4a2bd714665eb605b04368843b06dada2cfcfb
+size 5451682

sudo-sudoers.patch

@@ -1,10 +1,10 @@
-Index: sudo-1.9.15p2/plugins/sudoers/sudoers.in
+Index: sudo-1.9.17p1/plugins/sudoers/sudoers.in
 ===================================================================
---- sudo-1.9.15p2.orig/plugins/sudoers/sudoers.in
-+++ sudo-1.9.15p2/plugins/sudoers/sudoers.in
-@@ -41,32 +41,23 @@
- ##
- ## Defaults specification
+--- sudo-1.9.17p1.orig/plugins/sudoers/sudoers.in
++++ sudo-1.9.17p1/plugins/sudoers/sudoers.in
+@@ -50,29 +50,23 @@ Defaults!@visudo@ env_keep += "SUDO_EDIT
+ ## arbitrary commands under sudo.
+ @secure_path_config@Defaults secure_path="@secure_path@"
  ##
 -## You may wish to keep some of the following environment variables
 -## when running commands via sudo.
@@ -29,9 +29,6 @@ Index: sudo-1.9.15p2/plugins/sudoers/sudoers.in
 -## Uncomment to enable special input methods.  Care should be taken as
 -## this may allow users to subvert the command being run via sudo.
 -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
--##
--## Uncomment to use a hard-coded PATH instead of the user's to find commands
--# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 +## Prevent environment variables from influencing programs in an
 +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
@@ -50,9 +47,9 @@ Index: sudo-1.9.15p2/plugins/sudoers/sudoers.in
 +## Use this PATH instead of the user's to find commands.
 +Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
  ##
- ## Uncomment to restore the historic behavior where a command is run in
- ## the user's own terminal.
-@@ -81,7 +72,6 @@
+ ## Uncomment to disable "use_pty" when running commands as root.
+ ## Commands run as non-root users will run in a pseudo-terminal,
+@@ -94,7 +88,6 @@ Defaults!@visudo@ env_keep += "SUDO_EDIT
  ## Set maxseq to a smaller number if you don't have unlimited disk space.
  # Defaults log_output
  # Defaults!/usr/bin/sudoreplay !log_output
@@ -60,9 +57,9 @@ Index: sudo-1.9.15p2/plugins/sudoers/sudoers.in
  # Defaults!REBOOT !log_output
  # Defaults maxseq = 1000
  ##
-@@ -95,6 +85,12 @@
- ## slower by these options and also can clutter up the logs.
- # Defaults!PKGMAN !intercept, !log_subcmds
+@@ -112,6 +105,12 @@ Defaults!@visudo@ env_keep += "SUDO_EDIT
+ ## modules such as pam_faillock will not be printed.
+ # Defaults !pam_silent
  
 +## In the default (unconfigured) configuration, sudo asks for the root password.
 +## This allows use of an ordinary user account for administration of a freshly
@@ -73,12 +70,12 @@ Index: sudo-1.9.15p2/plugins/sudoers/sudoers.in
  ##
  ## Runas alias specification
  ##
-@@ -110,13 +106,5 @@ root ALL=(ALL:ALL) ALL
+@@ -127,13 +126,5 @@ root ALL=(ALL:ALL) ALL
  ## Same thing without a password
  # %wheel ALL=(ALL:ALL) NOPASSWD: ALL
  
 -## Uncomment to allow members of group sudo to execute any command
--# %sudo	ALL=(ALL:ALL) ALL
+-# %sudo ALL=(ALL:ALL) ALL
 -
 -## Uncomment to allow any user to run sudo if they know the password
 -## of the user they are running the command as (root by default).

sudo.changes

@@ -1,3 +1,165 @@
+-------------------------------------------------------------------
+Mon Sep 15 11:25:24 UTC 2025 - Simon Lees <sflees@suse.de>
+
+- Update to 1.9.17p2
+  * Fixed a bug introduced in sudo 1.9.16 that could result in sudo 
+    sending SIGHUP to all processes on the system in certain rare
+    cases. The bug could manifest if sudo is running a command in
+    a pseudo-terminal, sudo terminates the command due to an
+    internal error, and the user’s terminal is revoked. GitHub
+    issue #458.
+  * Fixed a bug introduced in sudo 1.9.12 that caused sudo to
+    abort when the intercept and intercept_verify options are
+    enabled in sudoers and either the command line arguments or
+    the environment contains a string larger than the page size
+    (usually 4096). This only Linux affects systems that support
+    the ptrace_readv_string() function. GitHub issue #453.
+  * Fixed a bug in sudo’s configure script introduced in sudo
+    1.9.17 that prevented mdoc-format man pages from being used 
+    on systems without the mandoc utility. Bug #1077.
+- /usr/etc/sudoers and file /usr/etc/sudoers.d/50-wheel-auth-self
+  both have permissions 0644, while visudo -c complains that they
+  should be 0440. (bsc#1249447)
+- Policy and Groups subpackages can be noarch
+
+-------------------------------------------------------------------
+Mon Jun 30 19:28:17 UTC 2025 - Simon Lees <sflees@suse.de>
+
+- Update to 1.9.17p1
+  * Fix a possible local privilege escalation via the --host option
+    [bsc#1245274, CVE-2025-32462]
+  * Fix a possible local privilege Escalation via chroot option
+    [bsc#1245275, CVE-2025-32463]
+- Update to 1.9.17
+  * Sudo now uses the NODEV macro consistently. Bug #1074.
+    Fixed a bug where the ALL command in a sudoers rule would 
+    override a previous NOSETENV tag. Command tags are inherited from
+    previous Cmnds in a Cmnd_Spec_List. There is a special case for 
+    the SETENV tag with the ALL command, where SETENV is implied if
+    no explicit SETENV or NOSETENV tag is specified. This special 
+    case did not take into account that a NOSETENV tag that was inherited 
+    should override this behavior.
+  * If sudo is run via ssh without a terminal and a password is required,
+    it now suggest using ssh’s -t option.
+  * Fixed the display of timeout values in the sudo -V output on systems
+    without a C99-compliant snprintf() function.
+  * Quieted a number of minor Coverity warnings.
+  * Fixed a problem running sudo from a serial console on Linux when the
+    command is run in a pseudo-terminal (the default).
+  * Fixed a crash in sudo which could occur if there was a fatal error
+    after the user was validated but before the command was actually run.
+  * Fixed a number of man page style warnings. The “lint” make target in
+    the docs directory will now run groff with warnings enabled if it is
+    available. Bug #1075.
+  * The ignore_dot sudoers setting is now on by default. There is now a
+    --disable-ignore-dot configure option to disable it. The 
+    --with-ignore-dot configure option has been deprecated.
+  * Fixed a problem with the pwfeedback option where an initial backspace
+    would reduce the maximum length allowed for the password. 
+    GitHub issue #439.
+  * Fixed minor grammar and spelling problems in the man pages.
+  * Fixed a bug where a user could avoid entering a password for sudo -l
+    command if they specified their own user or group name via the -u or
+    -g options.
+  * Avoid potential password guessing based on timing attacks on the 
+    strcmp() function on systems without PAM or a crypt() function where
+    plaintext passwords are stored in the shadow password file.
+  * Fixed a potential information leak where sudo -l command could be used
+    to determine whether an executable exists in a directory that they do
+    not have search access to.
+  * Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once again.
+    A long time ago sudo changed from using TCSAFLUSH to TCSADRAIN due
+    to some systems having bugs related to TCSAFLUSH. That should no longer
+    be a concern. Using TCSAFLUSH ensures that password input that has been
+    received by the kernel, but not yet read by sudo, will be discarded and
+    not echoed.
+  * Added the SUDO_TTY environment variable if the user has a terminal. 
+    This can be used to find the user’s original tty device when sudo runs
+    the command in its own pseudo-terminal. GitHub issue #447.
+  * New Cantonese translation for sudo.
+
+-------------------------------------------------------------------
+Wed Apr 16 07:05:52 UTC 2025 - Simon Lees <sflees@suse.de>
+
+- Update to 1.9.16p2:
+* Sudo now passes the terminal device number to the policy plugin 
+  even if it cannot resolve it to a path name. This allows sudo to
+  run without warnings in a chroot jail when the terminal device
+  files are not present. GitHub issue #421.
+* On Linux systems, sudo will now attempt to use the symbolic links
+  in /proc/self/fd/{0,1,2} when resolving the terminal device number.
+  This can allow sudo to map a terminal device to its path name even
+  when /dev/pts is not mounted in a chroot jail.
+* Fixed compilation errors with gcc and clang in C23 mode. C23 no
+  longer supports functions with unspecified arguments. GitHub issue
+  #420.
+* Fixed the test for cross-compiling when checking for C99 snprintf().
+  The changes made to the test in sudo 1.9.16 resulted in a different
+  problem. GitHub issue #386.
+* Fixed the date used by the exit record in sudo-format log files.
+  This was a regression introduced in sudo 1.9.16 and only affected
+  file-based logs, not syslog. GitHub issue #405.
+* Fixed the root cause of the “unable to find terminal name for device”
+  message when running sudo on AIX when no terminal is present. In
+  sudo 1.9.16 this was turned from a debug message into a warning. 
+  GitHub issue #408.
+* When a duplicate alias is found in the sudoers file, the warning
+  message now includes the file and line number of the previous
+  definition.
+* Added support for the --with-secure-path-value=no configure option
+  to allow packagers to ship the default sudoers file with the secure
+  path line commented out.
+* Sudo no longer sends mail when a user runs sudo -nv or sudo -nl,
+  even if mail_badpass or mail_always are set. Sudo already avoids
+  logging to a file or syslog in this case. Bug #1072.
+* Added the cmddenial_message sudoers option to provide additional
+  information to the user when a command is denied by the sudoers
+  policy. The default message is still displayed.
+* The time stamp used for file-based logs is now more consistent
+  with the time stamp produced by syslog. GitHub issue #327.
+* Sudo will now warn the user if it can detect the user’s terminal but
+  cannot determine the path to the terminal device. The sudoers time 
+  stamp file will now use the terminal device number directly. 
+  GitHub issue #329.
+* The embedded copy of zlib has been updated to version 1.3.1.
+* Improved error handling if generating the list of signals and signal
+  names fails at build time.
+* Fixed a compilation issue on Linux systems without process_vm_readv().
+* Fixed cross-compilation with WolfSSL.
+* Added a json_compact value for the sudoers log_format option which can
+  be used when logging to a file. The existing json value has been aliased
+  to json_pretty. In a future release, json will be an alias for 
+  json_compact. GitHub issue #357.
+* A new pam_silent sudoers option has been added which may be negated to
+  avoid suppressing output from PAM authentication modules. GitHub issue #216.
+* Fixed several cvtsudoers JSON output problems. GitHub issues #369, #370, 
+  #371, #373, #381.
+* When sudo runs a command in a pseudo-terminal and the user’s terminal is
+  revoked, the pseudo-terminal’s foreground process group will now receive
+  SIGHUP before the terminal is revoked. This emulates the behavior of the
+  session leader exiting and is consistent with what happens when,
+  for example, an ssh session is closed. GitHub issue #367.
+* Fixed make test with Python 3.12. GitHub issue #374.
+* In schema.ActiveDirectory, fixed the quoting in the example command. 
+  GitHub issue #376.
+* Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may now
+  be double-quoted.
+* Sudo insults are now included by default, but disabled unless the
+  --with-insults configure option is specified or the insults sudoers
+  option is enabled.
+* The default sudoers file now enables the secure_path option by
+  default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
+  variables when running visudo. The new --with-secure-path-value
+  configure option can be used to set the value of secure_path in
+  the default sudoers file. GitHub issue #387.
+* A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
+  Server, IBM Security Directory Server, and IBM Security Verify
+  Directory) is now included.
+* When cross-compiling sudo, the configure script now assumes that
+  the snprintf() function is C99-compliant if the C compiler 
+  supports the C99 standard. Previously, configure would use sudo’s 
+  own snprintf() when cross-compiling. GitHub issue #386.
+
 -------------------------------------------------------------------
 Mon Jul 29 04:55:32 UTC 2024 - Simon Lees <sflees@suse.de>
 

sudo.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
 %endif
 
 Name:           sudo
-Version:        1.9.15p5
+Version:        1.9.17p2
 Release:        0
 Summary:        Execute some commands as root
 License:        ISC
@@ -104,6 +104,7 @@ Summary:        Users in the wheel group can authenticate as admin
 Group:          System/Base
 Requires:       %{name} = %{version}
 Requires:       group(wheel)
+BuildArch:      noarch
 
 %description policy-wheel-auth-self
 Sudo authentication policy that allows users in the wheel group to
@@ -114,6 +115,7 @@ Summary:        Users in the sudo group can authenticate as admin
 Group:          System/Base
 Requires:       %{name} = %{version}
 Requires:       group(sudo)
+BuildArch:      noarch
 
 %description policy-sudo-auth-self
 Sudo authentication policy that allows users in the sudo group to
@@ -122,6 +124,7 @@ authenticate as root with their own password
 %package -n system-group-sudo
 Summary:        System group 'sudo'
 Group:          System/Fhs
+BuildArch:      noarch
 %{sysusers_requires}
 
 %description -n system-group-sudo
@@ -205,9 +208,10 @@ rm -f %{buildroot}%{confdir}/sudoers.dist
 mkdir -p %{buildroot}%{_distconfdir}/sudoers.d %{buildroot}%{_sysconfdir}/sudoers.d
 chmod 644 %{buildroot}%{_distconfdir}/sudoers
 echo "@includedir /etc/sudoers.d" >> %{buildroot}%{_distconfdir}/sudoers
+chmod 440 %{buildroot}%{_distconfdir}/sudoers
 %endif
 
-install -D -m 644 %{SOURCE8} %{buildroot}%{confdir}/sudoers.d/50-wheel-auth-self
+install -D -m 440 %{SOURCE8} %{buildroot}%{confdir}/sudoers.d/50-wheel-auth-self
 install -D -m 644 %{SOURCE9} %{buildroot}/usr/share/polkit-1/rules.d/51-wheel.rules
 
 sed -e 's/wheel/sudo/g' < %{SOURCE8} > %{buildroot}%{confdir}/sudoers.d/50-sudo-auth-self
@@ -323,7 +327,7 @@ test -f %{_sysconfdir}/sudoers.rpmsave && mv -v %{_sysconfdir}/sudoers.rpmsave %
 %{_localstatedir}/lib/tests
 
 %files policy-wheel-auth-self
-%{confdir}/sudoers.d/50-wheel-auth-self
+%attr(0440,root,root) %{confdir}/sudoers.d/50-wheel-auth-self
 %dir /usr/share/polkit-1
 %dir %attr(0555,root,root) /usr/share/polkit-1/rules.d
 /usr/share/polkit-1/rules.d/51-wheel.rules