Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2014-01-17 11:16:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2013-10-08 20:35:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes 2014-01-23 15:56:56.000000000 +0100 @@ -1,0 +2,40 @@ +Tue Jan 14 10:49:21 UTC 2014 - vci...@suse.com + +- update to 1.8.9p3 +- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin +- changes since 1.8.8: + * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name + from being resolved properly on Linux systems. Bug #630. + * Updated config.guess, config.sub and libtool to support the ppc64le + architecture (IBM PowerPC Little Endian). + * Fixed a problem with gcc 4.8's handling of bit fields that could + lead to the noexec flag being enabled even when it was not + explicitly set. + * Reworked sudo's main event loop to use a simple event subsystem + using poll(2) or select(2) as the back end. + * It is now possible to statically compile the sudoers plugin into + the sudo binary without disabling shared library support. The + sudo.conf file may still be used to configure other plugins. + * Sudo can now be compiled again with a C preprocessor that does + not support variadic macros. + * Visudo can now export a sudoers file in JSON format using the + new -x flag. + * The locale is now set correctly again for visudo and sudoreplay. + * The plugin API has been extended to allow the plugin to exclude + specific file descriptors from the "closefrom" range. + * There is now a workaround for a Solaris-specific problem where + NOEXEC was overriding traditional root DAC behavior. + * Add user netgroup filtering for SSSD. Previously, rules for + a netgroup were applied to all even when they did not belong + to the specified netgroup. + * On systems with BSD login classes, if the user specified a group + (not a user) to run the command as, it was possible to specify + a different login class even when the command was not run as the + super user. + * The closefrom() emulation on Mac OS X now uses /dev/fd if possible. + * Fixed a bug where sudoedit would not update the original file + from the temporary when PAM or I/O logging is not enabled. + * When recycling I/O logs, the log files are now truncated properly. + * Fixes bugs #617, #621, #622, #623, #624, #625, #626 + +------------------------------------------------------------------- Old: ---- sudo-1.8.8.tar.gz New: ---- sudo-1.8.9p3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.Om3071/_old 2014-01-23 15:56:57.000000000 +0100 +++ /var/tmp/diff_new_pack.Om3071/_new 2014-01-23 15:56:57.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package sudo # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: sudo -Version: 1.8.8 +Version: 1.8.9p3 Release: 0 Summary: Execute some commands as root License: ISC ++++++ sudo-sudoers.patch ++++++ --- /var/tmp/diff_new_pack.Om3071/_old 2014-01-23 15:56:57.000000000 +0100 +++ /var/tmp/diff_new_pack.Om3071/_new 2014-01-23 15:56:57.000000000 +0100 @@ -1,8 +1,8 @@ -Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in +Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in =================================================================== ---- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.in 2012-09-18 15:56:30.000000000 +0200 -+++ sudo-1.8.6p3/plugins/sudoers/sudoers.in 2013-06-11 15:23:30.510228590 +0200 -@@ -31,37 +31,36 @@ +--- sudo-1.8.9p3.orig/plugins/sudoers/sudoers.in 2014-01-07 19:08:50.000000000 +0100 ++++ sudo-1.8.9p3/plugins/sudoers/sudoers.in 2014-01-14 12:06:45.178813991 +0100 +@@ -31,37 +31,38 @@ ## ## Defaults specification ## @@ -32,6 +32,8 @@ +## Prevent environment variables from influencing programs in an +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) +Defaults always_set_home ++## Path that will be used for every command run from sudo ++Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin" +Defaults env_reset +## Change env_reset to !env_reset in previous line to keep all environment variables +## Following list will no longer be necessary after this change @@ -63,7 +65,7 @@ ## ## Runas alias specification ## -@@ -77,14 +76,6 @@ root ALL=(ALL) ALL +@@ -77,14 +78,6 @@ root ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL @@ -78,11 +80,11 @@ ## Read drop-in files from @sysconfdir@/sudoers.d ## (the '#' here does not indicate a comment) #includedir @sysconfdir@/sudoers.d -Index: sudo-1.8.6p3/doc/sudoers.mdoc.in +Index: sudo-1.8.9p3/doc/sudoers.mdoc.in =================================================================== ---- sudo-1.8.6p3.orig/doc/sudoers.mdoc.in 2012-09-18 15:57:43.000000000 +0200 -+++ sudo-1.8.6p3/doc/sudoers.mdoc.in 2013-06-11 15:27:23.331273355 +0200 -@@ -1468,7 +1468,7 @@ is present in the +--- sudo-1.8.9p3.orig/doc/sudoers.mdoc.in 2014-01-07 19:08:50.000000000 +0100 ++++ sudo-1.8.9p3/doc/sudoers.mdoc.in 2014-01-14 11:46:33.718336561 +0100 +@@ -1609,7 +1609,7 @@ is present in the .Em env_keep list. This flag is @@ -91,7 +93,7 @@ by default. .It authenticate If set, users must authenticate themselves via a password (or other -@@ -1712,7 +1712,7 @@ If set, +@@ -1910,7 +1910,7 @@ If set, .Nm sudo will insult users when they enter an incorrect password. This flag is @@ -100,7 +102,7 @@ by default. .It log_host If set, the host name will be logged in the (non-syslog) -@@ -2121,7 +2121,7 @@ database as an argument to the +@@ -2363,7 +2363,7 @@ database as an argument to the .Fl u option. This flag is -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org