Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2022-09-15 22:57:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new.2083 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Thu Sep 15 22:57:37 2022 rev:133 rq:1003396 version:1.9.11p3 Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2022-08-25 15:33:01.559915181 +0200 +++ /work/SRC/openSUSE:Factory/.sudo.new.2083/sudo.changes 2022-09-15 22:57:39.568956054 +0200 @@ -1,0 +2,8 @@ +Sat Sep 10 01:48:29 UTC 2022 - Jason Sikes <jsi...@suse.com> + +- Modified sudo-sudoers.patch + * bsc#1177578 + * Removed redundant and confusing 'secure_path' settings in + sudo-sudoers file. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo-sudoers.patch ++++++ --- /var/tmp/diff_new_pack.0bDDqZ/_old 2022-09-15 22:57:41.752962220 +0200 +++ /var/tmp/diff_new_pack.0bDDqZ/_new 2022-09-15 22:57:41.756962231 +0200 @@ -1,8 +1,8 @@ diff --git a/plugins/sudoers/sudoers.in b/plugins/sudoers/sudoers.in -index 5efda5d..ddd311a 100644 +index 5efda5d..e757da4 100644 --- a/plugins/sudoers/sudoers.in +++ b/plugins/sudoers/sudoers.in -@@ -32,30 +32,23 @@ +@@ -32,32 +32,23 @@ ## ## Defaults specification ## @@ -30,11 +30,11 @@ -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" -## +-## Uncomment to use a hard-coded PATH instead of the user's to find commands +-# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +## Prevent environment variables from influencing programs in an +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) +Defaults always_set_home -+## Path that will be used for every command run from sudo -+Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin" +Defaults env_reset +## Change env_reset to !env_reset in previous line to keep all environment variables +## Following list will no longer be necessary after this change @@ -47,10 +47,12 @@ +## Do not insult users when they enter an incorrect password. +Defaults !insults + - ## Uncomment to use a hard-coded PATH instead of the user's to find commands - # Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ++## Use this PATH instead of the user's to find commands. ++Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin" ## -@@ -68,10 +61,16 @@ + ## Uncomment to send mail if the user does not enter the correct password. + # Defaults mail_badpass +@@ -68,10 +59,16 @@ ## Set maxseq to a smaller number if you don't have unlimited disk space. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output @@ -68,7 +70,7 @@ ## ## Runas alias specification ## -@@ -87,13 +86,5 @@ root ALL=(ALL:ALL) ALL +@@ -87,13 +84,5 @@ root ALL=(ALL:ALL) ALL ## Same thing without a password # %wheel ALL=(ALL:ALL) NOPASSWD: ALL
