Hello community,
here is the log from the commit of package sudo for openSUSE:Factory checked in
at 2017-06-04 01:48:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sudo (Old)
and /work/SRC/openSUSE:Factory/.sudo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo"
Sun Jun 4 01:48:57 2017 rev:87 rq:500408 version:1.8.20p2
Changes:
--------
--- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2017-05-31
21:26:19.337799096 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes 2017-06-04
01:49:11.146421860 +0200
@@ -1,0 +2,87 @@
+Thu Jun 1 07:04:16 UTC 2017 - mich...@stroeder.com
+
+- update to 1.8.20p2 which obsoletes patches:
+ * sudo-1.8.19p2-CVE-2017-1000367.patch
+ * sudo-1.8.19p2-decrement_env_len.patch
+ * sudo-1.8.19p2-dont_overwrite_ret_val.patch
+
+Major changes between sudo 1.8.20p2 and 1.8.20p1:
+
+ * Fixed a bug parsing /proc/pid/stat on Linux when the process
+ name contains newlines. This is not exploitable due to the /dev
+ traversal changes in sudo 1.8.20p1.
+
+Major changes between sudo 1.8.20p1 and 1.8.20:
+
+ * Fixed "make check" when using OpenSSL or GNU crypt.
+ Bug #787.
+ * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
+ when the process name contains spaces. Since the user has control
+ over the command name, this could potentially be used by a user
+ with sudo access to overwrite an arbitrary file on systems with
+ SELinux enabled. Also stop performing a breadth-first traversal
+ of /dev when looking for the device; only a hard-coded list of
+ directories are checked,
+
+Major changes between sudo 1.8.20 and 1.8.19p2:
+
+ * Added support for SASL_MECH in ldap.conf. Bug #764
+ * Added support for digest matching when the command is a glob-style
+ pattern or a directory. Previously, only explicit path matches
+ supported digest checks.
+ * New "fdexec" Defaults option to control whether a command
+ is executed by path or by open file descriptor.
+ * The embedded copy of zlib has been upgraded to version 1.2.11.
+ * Fixed a bug that prevented sudoers include files with a relative
+ path starting with the letter 'i' from being opened. Bug #776.
+ * Added support for command timeouts in sudoers. The command will
+ be terminated if the timeout expires.
+ * The SELinux role and type are now displayed in the "sudo -l"
+ output for the LDAP and SSSD backends, just as they are in the
+ sudoers backend.
+ * A new command line option, -T, can be used to specify a command
+ timeout as long as the user-specified timeout is not longer than
+ the timeout specified in sudoers. This option may only be
+ used when the "user_command_timeouts" flag is enabled in sudoers.
+ * Added NOTBEFORE and NOTAFTER command options to the sudoers
+ backend similar to what is already available in the LDAP backend.
+ * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
+ crypt instead of the SHA2 implementation bundled with sudo.
+ * Fixed a compilation error on systems without the stdbool.h header
+ file. Bug #778.
+ * Fixed a compilation error in the standalone Kerberos V authentication
+ module. Bug #777.
+ * Added the iolog_flush flag to sudoers which causes I/O log data
+ to be written immediately to disk instead of being buffered.
+ * I/O log files are now created with group ID 0 by default unless
+ the "iolog_user" or "iolog_group" options are set in sudoers.
+ * It is now possible to store I/O log files on an NFS-mounted
+ file system where uid 0 is remapped to an unprivileged user.
+ The "iolog_user" option must be set to a non-root user and the
+ top-level I/O log directory must exist and be owned by that user.
+ * Added the restricted_env_file setting to sudoers which is similar
+ to env_file but its contents are subject to the same restrictions
+ as variables in the invoking user's environment.
+ * Fixed a use after free bug in the SSSD backend when the fqdn
+ sudoOption is enabled and no hostname value is present in
+ /etc/sssd/sssd.conf.
+ * Fixed a typo that resulted in a compilation error on systems
+ where the killpg() function is not found by configure.
+
+ * Fixed a compilation error with the included version of zlib
+ when sudo was built outside the source tree.
+ * Fixed the exit value of sudo when the command is terminated by
+ a signal other than SIGINT. This was broken in sudo 1.8.15 by
+ the fix for Bug #722. Bug #784.
+ * Fixed a regression introduced in sudo 1.8.18 where the "lecture"
+ option could not be used in a positive boolean context, only
+ a negative one.
+ * Fixed an issue where sudo would consume stdin if it was not
+ connected to a tty even if log_input is not enabled in sudoers.
+ Bug #786.
+ * Clarify in the sudoers manual that the #includedir directive
+ diverts control to the files in the specified directory and,
+ when parsing of those files is complete, returns control to the
+ original file. Bug #775.
+
+-------------------------------------------------------------------
Old:
----
sudo-1.8.19p2-CVE-2017-1000367.patch
sudo-1.8.19p2-decrement_env_len.patch
sudo-1.8.19p2-dont_overwrite_ret_val.patch
sudo-1.8.19p2.tar.gz
sudo-1.8.19p2.tar.gz.sig
New:
----
sudo-1.8.20p2.tar.gz
sudo-1.8.20p2.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.DMkLKx/_old 2017-06-04 01:49:12.630212215 +0200
+++ /var/tmp/diff_new_pack.DMkLKx/_new 2017-06-04 01:49:12.630212215 +0200
@@ -17,7 +17,7 @@
Name: sudo
-Version: 1.8.19p2
+Version: 1.8.20p2
Release: 0
Summary: Execute some commands as root
License: ISC
@@ -33,9 +33,6 @@
Patch0: sudoers2ldif-env.patch
# PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
Patch1: sudo-sudoers.patch
-Patch2: sudo-1.8.19p2-decrement_env_len.patch
-Patch3: sudo-1.8.19p2-dont_overwrite_ret_val.patch
-Patch4: sudo-1.8.19p2-CVE-2017-1000367.patch
BuildRequires: audit-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: groff
@@ -77,9 +74,6 @@
%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
%build
%ifarch s390 s390x %sparc
@@ -162,6 +156,7 @@
%{_mandir}/man8/visudo.8*
%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
+%config %attr(0440,root,root) /etc/sudoers.dist
%dir %{_sysconfdir}/sudoers.d
%config %{_sysconfdir}/pam.d/sudo
%attr(4755,root,root) %{_bindir}/sudo
++++++ sudo-1.8.19p2.tar.gz -> sudo-1.8.20p2.tar.gz ++++++
++++ 72705 lines of diff (skipped)
