Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2022-10-28 19:28:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Fri Oct 28 19:28:55 2022 rev:134 rq:1031418 version:1.9.12 Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2022-09-15 22:57:39.568956054 +0200 +++ /work/SRC/openSUSE:Factory/.sudo.new.2275/sudo.changes 2022-10-28 19:28:57.678460116 +0200 @@ -1,0 +2,83 @@ +Tue Oct 25 23:41:55 UTC 2022 - Jason Sikes <[email protected]> + +- Update to 1.9.12: + * Dropped sudo-1.9.10-update_sudouser_to_utf8.patch + * Changes in Sudo 1.9.12: + * Fixed a bug when logging the command???s exit status in intercept mode. + The wrong command could be logged with the exit status. + * For ptrace-based intercept mode, sudo will now attempt to verify that + the command path name, arguments and environment have not changed from + the time when they were authorized by the security policy. The new + intercept_verify sudoers setting can be used to control this behavior. + * Fixed running commands with a relative path (e.g. ./foo) in intercept + mode. Previously, this would fail if sudo???s current working directory + was different from that of the command. + * Sudo now supports passing the execve(2) system call the NULL pointer + for the argv and/or envp arguments when in intercept mode. Linux treats + a NULL pointer like an empty array. + * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and + sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. + * Fixed a problem with sudo -i on SELinux when the target user???s home + directory is not searchable by sudo. GitHub issue #160. + * Neovim has been added to the list of visudo editors that support passing + the line number on the command line. + * Fixed a bug in sudo???s SHA384 and SHA512 message digest padding. + * Added a new -N (no-update) command line option to sudo which can be used + to prevent sudo from updating the user???s cached credentials. It is now + possible to determine whether or not a user???s cached credentials are + currently valid by running: + $ sudo -Nnv + and checking the exit value. One use case for this is to indicate in a + shell prompt that sudo is ???active??? for the user. + * PAM approval modules are no longer invoked when running sub-commands in + intercept mode unless the intercept_authenticate option is set. There is + a substantial performance penalty for calling into PAM for each command + run. PAM approval modules are still called for the initial command. + * Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) + if available. + * The XDG_CURRENT_DESKTOP environment variable is now preserved by default. + This makes it possible for graphical applications to choose the correct + theme when run via sudo. + * On 64-bit systems, if sudo fails to load a sudoers group plugin, it will + use system-specific heuristics to try to locate a 64-bit version of the plugin. + * The cvtsudoers manual now documents the JSON and CSV output formats. + GitHub issue #172. + * Fixed a bug where sub-commands were not being logged to a remote log server + when log_subcmds was enabled. GitHub issue #174. + * The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout + sudoers settings can be used to support more fine-grained I/O logging. + The sudo front-end no longer allocates a pseudo-terminal when running a + command if the I/O logging plugin requests logging of stdin, stdout, or + stderr but not terminal input/output. + * Quieted a libgcrypt run-time initialization warning. This fixes Debian + bug #1019428 and Ubuntu bug #1397663. + * Fixed a bug in visudo that caused literal backslashes to be removed from + the EDITOR environment variable. GitHub issue #179. + * The sudo Python plugin now implements the find_spec method instead of the + the deprecated find_module. This fixes a test failure when a newer version + of setuptools that doesn???t include find_module is found on the system. + * Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process + ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a + plain file. The same bug could result in I/O log directories that end in six + or more X???s being created literally in addition to the name being used as a + template for the mkdtemp(3) function. + * Fixed a long-standing bug where a sudoers rule with a command line argument + of ??????, which indicates the command may be run with no arguments, would also + match a literal "" on the command line. GitHub issue #182. + * Added the -I option to visudo which only edits the main sudoers file. Include + files are not edited unless a syntax error is found. + * Fixed sudo -l -U otheruser output when the runas list is empty. Previously, + sudo would list the invoking user instead of the list user. GitHub issue #183. + * Fixed the display of command tags and options in sudo -l output when the RunAs + user or group changes. A new line is started for RunAs changes which means we + need to display the command tags and options again. GitHub issue #184. + * The sesh helper program now uses getopt_long(3) to parse the command line options. + * The embedded copy of zlib has been updated to version 1.2.13. + * Fixed a bug that prevented event log data from being sent to the log server when + I/O logging was not enabled. This only affected systems without PAM or + configurations where the pam_session and pam_setcred options were disabled in + the sudoers file. + * Fixed a bug where sudo -l output included a carriage return after the newline. + This is only needed when displaying to a terminal in raw mode. Bug #1042. + +------------------------------------------------------------------- Old: ---- sudo-1.9.10-update_sudouser_to_utf8.patch sudo-1.9.11p3.tar.gz sudo-1.9.11p3.tar.gz.sig New: ---- sudo-1.9.12.tar.gz sudo-1.9.12.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.ncjXhQ/_old 2022-10-28 19:28:58.574464610 +0200 +++ /var/tmp/diff_new_pack.ncjXhQ/_new 2022-10-28 19:28:58.582464650 +0200 @@ -17,7 +17,7 @@ Name: sudo -Version: 1.9.11p3 +Version: 1.9.12 Release: 0 Summary: Execute some commands as root License: ISC @@ -33,7 +33,6 @@ Source7: README_313276.test # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config Patch0: sudo-sudoers.patch -Patch1: sudo-1.9.10-update_sudouser_to_utf8.patch BuildRequires: audit-devel BuildRequires: cyrus-sasl-devel BuildRequires: groff @@ -121,7 +120,7 @@ --with-sssd %if 0%{?sle_version} < 150000 # the SLES12 way -make %{?_smp_mflags} V=1 +%make_build %else # -B required to make every build give the same result - maybe from bad build deps in Makefiles? %make_build -B @@ -227,7 +226,6 @@ %{_libexecdir}/%{name}/%{name}/group_file.so %{_libexecdir}/%{name}/%{name}/system_group.so %{_libexecdir}/%{name}/%{name}/audit_json.so -%{_libexecdir}/%{name}/%{name}/sample_approval.so %{_libexecdir}/%{name}/%{name}/sudo_intercept.so %{_libexecdir}/%{name}/libsudo_util.so.* %attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name} ++++++ sudo-1.9.11p3.tar.gz -> sudo-1.9.12.tar.gz ++++++ ++++ 96246 lines of diff (skipped)
