Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in at 2022-11-07 09:20:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and      /work/SRC/openSUSE:Factory/.sudo.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Mon Nov 7 09:20:11 2022 rev:137 rq: version:1.9.12 Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2022-11-05 14:46:54.682643647 +0100 +++ /work/SRC/openSUSE:Factory/.sudo.new.1597/sudo.changes 2022-11-07 09:20:12.644123706 +0100 @@ -2,18 +1,0 @@ -Thu Nov 3 22:07:14 UTC 2022 - Jason Sikes <jsi...@suse.com> - -- Added sudo-CVE-2022-43995.patch - * CVE-2022-43995 - * bsc#1204986 - * Fixed a potential heap-based buffer over-read when entering a password - of seven characters or fewer and using the crypt() password backend. - -------------------------------------------------------------------- -Tue Nov 1 22:04:32 UTC 2022 - Jason Sikes <jsi...@suse.com> - -- Modified sudo-sudoers.patch - * [bsc#1203978 jsc#PED-260] - * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. - * Sudo now asks for the password of the user calling sudo instead of the - target (i.e. root) user. - -------------------------------------------------------------------- Old: ---- sudo-CVE-2022-43995.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.fRHSCS/_old 2022-11-07 09:20:13.856131173 +0100 +++ /var/tmp/diff_new_pack.fRHSCS/_new 2022-11-07 09:20:13.860131197 +0100 @@ -33,7 +33,6 @@ Source7: README_313276.test # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config Patch0: sudo-sudoers.patch -Patch1: sudo-CVE-2022-43995.patch BuildRequires: audit-devel BuildRequires: cyrus-sasl-devel BuildRequires: groff ++++++ sudo-sudoers.patch ++++++ --- /var/tmp/diff_new_pack.fRHSCS/_old 2022-11-07 09:20:13.924131592 +0100 +++ /var/tmp/diff_new_pack.fRHSCS/_new 2022-11-07 09:20:13.928131616 +0100 
@@ -52,7 +52,7 @@ ## ## Uncomment to send mail if the user does not enter the correct password. # Defaults mail_badpass -@@ -68,7 +59,6 @@ +@@ -68,10 +59,16 @@ ## Set maxseq to a smaller number if you don't have unlimited disk space. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output @@ -60,14 +60,28 @@ # Defaults!REBOOT !log_output # Defaults maxseq = 1000 -@@ -87,9 +84,6 @@ root ALL=(ALL:ALL) ALL ++## In the default (unconfigured) configuration, sudo asks for the root password. ++## This allows use of an ordinary user account for administration of a freshly ++## installed system. When configuring sudo, delete the two ++## following lines: ++Defaults targetpw # ask for the password of the target user i.e. root ++ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ++ + ## + ## Runas alias specification + ## +@@ -87,13 +84,5 @@ root ALL=(ALL:ALL) ALL ## Same thing without a password # %wheel ALL=(ALL:ALL) NOPASSWD: ALL -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL:ALL) ALL - - ## Uncomment to allow any user to run sudo if they know the password - ## of the user they are running the command as (root by default). - # Defaults targetpw # Ask for the password of the target user +-## Uncomment to allow any user to run sudo if they know the password +-## of the user they are running the command as (root by default). +-# Defaults targetpw # Ask for the password of the target user +-# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +- + ## Read drop-in files from @sysconfdir@/sudoers.d + @includedir @sysconfdir@/sudoers.d
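Review bot: In the sudo.changes hunk (`@@ -2,18 +1,0 @@`), the two newest entries are deleted outright instead of a new entry being added that records the revert. After this change the package history no longer shows that sudo-CVE-2022-43995.patch and the targetpw change (bsc#1203978, jsc#PED-260) were ever applied, or why they were withdrawn. Suggest keeping both entries and adding a dated entry on top that states the reason for backing them out.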
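Review bot: In the sudo.spec hunk, dropping `Patch1: sudo-CVE-2022-43995.patch` while the version stays at 1.9.12 removes the fix for the heap-based buffer over-read described in the deleted changelog entry (passwords of seven characters or fewer with the crypt() password backend), and nothing else in this diff replaces it. Either keep the patch or pair its removal with a source update that carries the fix, and keep the bsc#1204986 reference in the changelog so the issue stays traceable.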
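Review bot: In the sudo-sudoers.patch hunk that adds lines after `# Defaults maxseq = 1000`, the rule `ALL ALL=(ALL) ALL` ships active and is only safe while `Defaults targetpw` is also in effect. Because `@includedir @sysconfdir@/sudoers.d` is read after these lines, a drop-in that sets `Defaults !targetpw` without deleting the ALL rule would let every local user run any command as root with their own password. Suggest extending the comment to say that both lines must be removed together before targetpw is changed anywhere, including in sudoers.d.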