Hello community, here is the log from the commit of package sudo.1396 for openSUSE:12.2:Update checked in at 2013-03-20 10:45:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/sudo.1396 (Old) and /work/SRC/openSUSE:12.2:Update/.sudo.1396.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo.1396", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.2:Update/.sudo.1396.new/sudo.changes 2013-03-20 10:45:44.000000000 +0100 @@ -0,0 +1,992 @@ +------------------------------------------------------------------- +Fri Mar 1 11:12:28 UTC 2013 - vci...@suse.com + +- added two security fixes: + * CVE-2013-1775 (bnc#806919) + + sudo-1.8.6p3-CVE-2013-1775.patch + * CVE-2013-1776 (bnc#806921) + + sudo-1.8.6p3-CVE-2013-1776.patch + +------------------------------------------------------------------- +Wed Jun 13 19:08:05 CEST 2012 - vu...@opensuse.org + +- Update to version 1.8.5p2: + + Fixed use of the SUDO_ASKPASS environment variable which was + broken in Sudo 1.8.5. + + Fixed a problem reading the sudoers file when the file mode is + more restrictive than the expected mode. For example, when the + expected sudoers file mode is 0440 but the actual mode is 0400. +- Changes from version 1.8.5p1: + + Fixed a bug that prevented files in an include directory from + being evaluated. + +------------------------------------------------------------------- +Wed May 16 15:27:32 UTC 2012 - vci...@suse.com + +- update to 1.8.5 + Some of the changes: + * /etc/environment is no longer read directly on Linux systems when + PAM is used. Sudo now merges the PAM environment into the user's + environment which is typically set by the pam_env module. + * The plugin API has been extended + * The policy plugin's init_session function is now called by the + parent sudo process, not the child process that executes the command + This allows the PAM session to be open and closed in the same process, + which some PAM modules require. + * A new group provider plugin, system_group, is included + * Fixed a potential security issue in the matching of hosts against + an IPv4 network specified in sudoers.The flaw may allow a user who + is authorized to run commands on hosts belonging to one IPv4 + network to run commands on a different host (CVE-2012-2337) + +------------------------------------------------------------------- +Fri Mar 9 14:19:44 UTC 2012 - vci...@suse.com + +- update to 1.8.4p2 + Some of the changes: + * The -D flag in sudo has been replaced with a more general + debugging framework that is configured in sudo.conf. + * Fixed a crash with sudo -i when a runas group was specified + without a runas user. + * New Serbian and Spanish translations for sudo from translationproject.org. + LDAP-based sudoers may now access by group ID in addition to group name. + * visudo will now fix the mode on the sudoers file even if no + changes are made unless the -f option is specified. + * On systems that use login.conf, sudo -i now sets environment + variables based on login.conf + * values in the LDAP search expression are now escaped as per RFC 4515 + * The deprecated "noexec_file" sudoers option is no longer supported. + * Fixed a race condition when I/O logging is not enabled that could + result in tty-generated signals (e.g. control-C) being received + by the command twice. + * visudo -c will now list any include files that were checked in + addition to the main sudoers file when everything parses OK. + * Users that only have read-only access to the sudoers file may + now run visudo -c. Previously, write permissions were required + even though no writing is down in check-only mode. + +------------------------------------------------------------------- +Tue Jan 31 12:30:58 UTC 2012 - vci...@suse.com + +- update to 1.8.3p2 + * Fixed a format string vulnerability when the sudo binary + (or a symbolic link to the sudo binary) contains printf + format escapes and the -D (debugging) flag is used. + +------------------------------------------------------------------- +Wed Jan 25 15:09:14 UTC 2012 - vci...@suse.com + +- honour global CFLAGS and LDFLAGS when compiling sesh, + to avoid rpmlint error (bnc#743157) + +------------------------------------------------------------------- +Wed Jan 4 16:54:23 UTC 2012 - vci...@suse.com + +- update to sudo-1.8.3p1 + * Fixed a crash in the monitor process on Solaris when NOPASSWD + was specified or when authentication was disabled. + * Fixed matching of a Runas_Alias in the group section of a Runas_Spec. + +------------------------------------------------------------------- +Wed Dec 28 06:45:07 UTC 2011 - a...@suse.de + +- Set timedir correctly + +------------------------------------------------------------------- +Mon Oct 24 08:42:33 UTC 2011 - vci...@suse.com + +- update to sudo-1.8.3 + - Fixed expansion of strftime() escape sequences + in the log_dir sudoers setting. + - Esperanto, Italian and Japanese + translations from translationproject.org. + - Added --enable-werror configure option for gcc's + -Werror flag. - Visudo no longer + assumes all editors support the +linenumber command line argument. + It now uses a whitelist of editors known to support the option. + - Fixed matching of network addresses when a netmask is specified but + the address is not the first one in the CIDR block. + - The configure script now check whether or not errno.h declares the + errno variable. Previously, sudo would always declare errno itself + for older systems that don't declare it in errno.h. + - The NOPASSWD tag is now honored for denied commands too, + which matches historic sudo behavior (prior to sudo 1.7.0). + - Sudo now honors the DEREF + setting in ldap.conf which controls how alias dereferencing is done + during an LDAP search. + - A symbol conflict with the + pam_ssh_agent_auth PAM module that would cause a crash been + resolved. + - The inability to load a group provider plugin is no + longer a fatal error. + - A potential crash in the utmp handling + code has been fixed. + - Two PAM session issues have been resolved. + In previous versions of sudo, the PAM session was opened as one + user and closed as another. Additionally, if no authentication was + performed, the PAM session would never be closed. + - The LOGNAME, + USER and USERNAME environment variables are preserved correctly + again in sudoedit mode. +- grp-include.patch no longer needed + +------------------------------------------------------------------- +Thu Oct 13 00:59:49 UTC 2011 - prus...@opensuse.org + +- updated to sudo-1.8.2 + * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural + language support (NLS). This can be disabled by passing configure + the --disable-nls option. Sudo will use gettext(), if available, + to display translated messages. All translations are coordinated + via The Translation Project, http://translationproject.org/. + * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of + RTLD_LOCAL. This fixes missing symbol problems in PAM modules + on certain platforms, such as FreeBSD and SuSE Linux Enterprise. + * I/O logging is now supported for commands run in background mode + (using sudo's -b flag). + * Group ownership of the sudoers file is now only enforced when + the file mode on sudoers allows group readability or writability. + * Visudo now checks the contents of an alias and warns about cycles + when the alias is expanded. + * If the user specifes a group via sudo's -g option that matches + the target user's group in the password database, it is now + allowed even if no groups are present in the Runas_Spec. + * The sudo Makefiles now have more complete dependencies which are + automatically generated instead of being maintained manually. + * The "use_pty" sudoers option is now correctly passed back to the + sudo front end. This was missing in previous versions of sudo + 1.8 which prevented "use_pty" from being honored. + * "sudo -i command" now works correctly with the bash version + 2.0 and higher. Previously, the .bash_profile would not be + sourced prior to running the command unless bash was built with + NON_INTERACTIVE_LOGIN_SHELLS defined. + * When matching groups in the sudoers file, sudo will now match + based on the name of the group instead of the group ID. This can + substantially reduce the number of group lookups for sudoers + files that contain a large number of groups. + * Multi-factor authentication is now supported on AIX. + * Added support for non-RFC 4517 compliant LDAP servers that require + that seconds be present in a timestamp, such as Tivoli Directory Server. + * If the group vector is to be preserved, the PATH search for the + command is now done with the user's original group vector. + * For LDAP-based sudoers, the "runas_default" sudoOption now works + properly in a sudoRole that contains a sudoCommand. + * Spaces in command line arguments for "sudo -s" and "sudo -i" are + now escaped with a backslash when checking the security policy. +- added missing include (grp-include.patch) + +------------------------------------------------------------------- +Fri May 20 12:10:45 UTC 2011 - pu...@novell.com + +- update to sudo-1.8.1p2 + - Two-character CIDR-style IPv4 netmasks are now matched + correctly in the sudoers file. + - A non-existent includedir is now treated the same as an empty + directory and not reported as an error. + - Removed extraneous parens in LDAP filter when + sudoers_search_filter is enabled that can cause an LDAP search + error. + - A new LDAP setting, sudoers_search_filter, has been added to + ldap.conf. This setting can be used to restrict the set of + records returned by the LDAP query. Based on changes from + Matthew Thomas. + - White space is now permitted within a User_List when used in + conjunction with a per-user Defaults definition. + - A group ID (%#gid) may now be specified in a User_List or + Runas_List. Likewise, for non-Unix groups the syntax is + %:#gid. ++++ 795 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.sudo.1396.new/sudo.changes New: ---- README.SUSE sudo-1.8.5p2.tar.gz sudo-1.8.6p3-CVE-2013-1775.patch sudo-1.8.6p3-CVE-2013-1776.patch sudo-sudoers.patch sudo.changes sudo.pamd sudo.spec sudoers2ldif-env.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ # # spec file for package sudo # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: sudo Version: 1.8.5p2 Release: 0 Summary: Execute some commands as root License: BSD-3-Clause Group: System/Base Url: http://www.sudo.ws/ Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz Source1: sudo.pamd Source2: README.SUSE Patch0: sudoers2ldif-env.patch Patch1: sudo-sudoers.patch Patch2: sudo-1.8.6p3-CVE-2013-1775.patch Patch3: sudo-1.8.6p3-CVE-2013-1776.patch BuildRequires: audit-devel BuildRequires: libselinux-devel BuildRequires: openldap2-devel BuildRequires: pam-devel Requires(pre): coreutils Requires(pre): permissions BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Sudo is a command that allows users to execute some commands as root. The /etc/sudoers file (edited with 'visudo') specifies which users have access to sudo and which commands they can run. Sudo logs all its activities to syslogd, so the system administrator can keep an eye on things. Sudo asks for the password for initializing a check period of a given time N (where N is defined at installation and is set to 5 minutes by default). %package devel Summary: Header files needed for sudo plugin development Group: Development/Libraries/C and C++ %description devel These header files are needed for building of sudo plugins. %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %build %ifarch s390 s390x %sparc F_PIE=-fPIE %else F_PIE=-fpie %endif export CFLAGS="%{optflags} -Wall $F_PIE -DLDAP_DEPRECATED" export LDFLAGS="-pie" %configure \ --libexecdir=%{_libexecdir}/sudo \ --docdir=%{_docdir}/%{name} \ --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \ --with-pam \ --with-ldap \ --with-selinux \ --with-linux-audit \ --with-logfac=auth \ --with-insults \ --with-all-insults \ --with-ignore-dot \ --with-tty-tickets \ --enable-shell-sets-home \ --enable-warnings \ --with-sendmail=%{_sbindir}/sendmail \ --with-sudoers-mode=0440 \ --with-env-editor \ --without-secure-path \ --with-passprompt='%%p\x27s password:' \ --with-timedir=%{_localstatedir}/lib/sudo make %{?_smp_mflags} %install %make_install install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir} rm -f %{buildroot}%{_bindir}/sudoedit ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/ rm -f %{buildroot}%{_docdir}/%{name}/sample.pam rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la %find_lang %{name} %find_lang sudoers cat sudoers.lang >> %{name}.lang %post chmod 0440 %{_sysconfdir}/sudoers %if 0%{?suse_version} <= 1130 %run_permissions %else %set_permissions /usr/bin/sudo %endif %verifyscript %verify_permissions -e /usr/bin/sudo %clean rm -rf %{buildroot} %files -f %{name}.lang %defattr(-,root,root) %doc %{_docdir}/%{name} %doc %{_mandir}/man?/* %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers %dir %{_sysconfdir}/sudoers.d %config %{_sysconfdir}/pam.d/sudo %attr(4755,root,root) %{_bindir}/sudo %dir %{_sysconfdir}/openldap %dir %{_sysconfdir}/openldap/schema %attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema %{_bindir}/sudoedit %{_bindir}/sudoreplay %{_sbindir}/visudo %attr(0755,root,root) %{_sbindir}/sudoers2ldif %{_libexecdir}/sudo %attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/sudo %files devel %defattr(-,root,root) %{_includedir}/sudo_plugin.h %changelog ++++++ README.SUSE ++++++ In the default (ie unconfigured) configuration sudo asks for root password. This allows to use an ordinary user account for administration of a freshly installed system. When configuring sudo, please make sure to delete the two following lines: Defaults targetpw # ask for the password of the target user i.e. root %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ++++++ sudo-1.8.6p3-CVE-2013-1775.patch ++++++ 63210a2b8f2f199b521f6c8213bb29775c09375c plugins/sudoers/check.c | 53 +++++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 25 deletions(-) Index: sudo-1.8.5p2/plugins/sudoers/check.c =================================================================== --- sudo-1.8.5p2.orig/plugins/sudoers/check.c 2012-05-17 21:47:22.000000000 +0200 +++ sudo-1.8.5p2/plugins/sudoers/check.c 2013-03-01 13:21:25.093839305 +0100 @@ -620,31 +620,34 @@ timestamp_status(char *timestampdir, cha */ if (status == TS_OLD && !ISSET(flags, TS_REMOVE)) { mtim_get(&sb, &mtime); - /* Negative timeouts only expire manually (sudo -k). */ - if (def_timestamp_timeout < 0 && mtime.tv_sec != 0) - status = TS_CURRENT; - else { - now = time(NULL); - if (def_timestamp_timeout && - now - mtime.tv_sec < 60 * def_timestamp_timeout) { - /* - * Check for bogus time on the stampfile. The clock may - * have been set back or someone could be trying to spoof us. - */ - if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { - time_t tv_sec = (time_t)mtime.tv_sec; - log_error(0, - _("timestamp too far in the future: %20.20s"), - 4 + ctime(&tv_sec)); - if (timestampfile) - (void) unlink(timestampfile); - else - (void) rmdir(timestampdir); - status = TS_MISSING; - } else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) { - status = TS_OLD; - } else { - status = TS_CURRENT; + if (timevalisset(&mtime)) { + /* Negative timeouts only expire manually (sudo -k). */ + if (def_timestamp_timeout < 0) { + status = TS_CURRENT; + } else { + now = time(NULL); + if (def_timestamp_timeout && + now - mtime.tv_sec < 60 * def_timestamp_timeout) { + /* + * Check for bogus time on the stampfile. The clock may + * have been set back or user could be trying to spoof us. + */ + if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) { + time_t tv_sec = (time_t)mtime.tv_sec; + log_error(0, + _("timestamp too far in the future: %20.20s"), + 4 + ctime(&tv_sec)); + if (timestampfile) + (void) unlink(timestampfile); + else + (void) rmdir(timestampdir); + status = TS_MISSING; + } else if (get_boottime(&boottime) && + timevalcmp(&mtime, &boottime, <)) { + status = TS_OLD; + } else { + status = TS_CURRENT; + } } } } ++++++ sudo-1.8.6p3-CVE-2013-1776.patch ++++++ 2b18d55589975e70dd98f24bca5b0aaabc56a9b5 plugins/sudoers/check.c | 4 +++- plugins/sudoers/sudoers.c | 4 ++++ plugins/sudoers/sudoers.h | 3 ++- 3 files changed, 9 insertions(+), 2 deletions(-) Index: sudo-1.8.5p2/plugins/sudoers/check.c =================================================================== --- sudo-1.8.5p2.orig/plugins/sudoers/check.c 2013-03-01 13:21:09.917389746 +0100 +++ sudo-1.8.5p2/plugins/sudoers/check.c 2013-03-01 13:21:09.933390221 +0100 @@ -82,6 +82,7 @@ static struct tty_info { dev_t rdev; /* tty device ID */ ino_t ino; /* tty inode number */ struct timeval ctime; /* tty inode change time */ + pid_t sid; /* ID of session with controlling tty */ } tty_info; static int build_timestamp(char **, char **); @@ -135,13 +136,14 @@ check_user(int validated, int mode) if (!need_pass) goto done; - /* Stash the tty's ctime for tty ticket comparison. */ + /* Stash the tty's device, session ID and ctime for ticket comparison. */ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { tty_info.dev = sb.st_dev; tty_info.ino = sb.st_ino; tty_info.rdev = sb.st_rdev; if (tty_is_devpts(user_ttypath)) ctim_get(&sb, &tty_info.ctime); + tty_info.sid = user_sid; } if (build_timestamp(×tampdir, ×tampfile) == -1) { Index: sudo-1.8.5p2/plugins/sudoers/sudoers.c =================================================================== --- sudo-1.8.5p2.orig/plugins/sudoers/sudoers.c 2012-05-29 20:11:35.000000000 +0200 +++ sudo-1.8.5p2/plugins/sudoers/sudoers.c 2013-03-01 13:21:09.934390250 +0100 @@ -1398,6 +1398,10 @@ deserialize_info(char * const args[], ch sudo_user.cols = atoi(*cur + sizeof("cols=") - 1); continue; } + if (MATCHES(*cur, "sid=")) { + sudo_user.sid = atoi(*cur + sizeof("sid=") - 1); + continue; + } } if (user_cwd == NULL) user_cwd = "unknown"; Index: sudo-1.8.5p2/plugins/sudoers/sudoers.h =================================================================== --- sudo-1.8.5p2.orig/plugins/sudoers/sudoers.h 2012-05-15 18:22:03.000000000 +0200 +++ sudo-1.8.5p2/plugins/sudoers/sudoers.h 2013-03-01 13:21:09.934390250 +0100 @@ -88,6 +88,7 @@ struct sudo_user { int cols; uid_t uid; uid_t gid; + pid_t sid; }; /* @@ -155,8 +156,8 @@ struct sudo_user { #define user_name (sudo_user.name) #define user_uid (sudo_user.uid) #define user_gid (sudo_user.gid) +#define user_sid (sudo_user.sid) #define user_passwd (sudo_user.pw->pw_passwd) -#define user_uuid (sudo_user.uuid) #define user_dir (sudo_user.pw->pw_dir) #define user_group_list (sudo_user.group_list) #define user_tty (sudo_user.tty) ++++++ sudo-sudoers.patch ++++++ Index: sudo-1.8.0/plugins/sudoers/sudoers.in =================================================================== --- sudo-1.8.0.orig/plugins/sudoers/sudoers.in +++ sudo-1.8.0/plugins/sudoers/sudoers.in @@ -31,37 +31,36 @@ ## ## Defaults specification ## -## You may wish to keep some of the following environment variables -## when running commands via sudo. -## -## Locale settings -# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET" -## -## Run X applications through sudo; HOME is used to find the -## .Xauthority file. Note that other programs use HOME to find -## configuration files and this may lead to privilege escalation! -# Defaults env_keep += "HOME" -## -## X11 resource path settings -# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH" -## -## Desktop path settings -# Defaults env_keep += "QTDIR KDEDIR" -## -## Allow sudo-run commands to inherit the callers' ConsoleKit session -# Defaults env_keep += "XDG_SESSION_COOKIE" -## -## Uncomment to enable special input methods. Care should be taken as -## this may allow users to subvert the command being run via sudo. -# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" +## Prevent environment variables from influencing programs in an +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151) +Defaults always_set_home +Defaults env_reset +## Change env_reset to !env_reset in previous line to keep all environment variables +## Following list will no longer be necessary after this change + +Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE" +## Comment out the preceding line and uncomment the following one if you need +## to use special input methods. This may allow users to compromise the root +## account if they are allowed to run commands without authentication. +#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER" + +## Do not insult users when they enter an incorrect password. +Defaults !insults + ## ## Uncomment to enable logging of a command's output, except for ## sudoreplay and reboot. Use sudoreplay to play back logged sessions. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output -# Defaults!/usr/local/bin/sudoreplay !log_output # Defaults!/sbin/reboot !log_output +## In the default (unconfigured) configuration, sudo asks for the root password. +## This allows use of an ordinary user account for administration of a freshly +## installed system. When configuring sudo, delete the two +## following lines: +Defaults targetpw # ask for the password of the target user i.e. root +ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! + ## ## Runas alias specification ## @@ -77,14 +76,6 @@ root ALL=(ALL) ALL ## Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL) ALL - -## Uncomment to allow any user to run sudo if they know the password -## of the user they are running the command as (root by default). -# Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' - ## Read drop-in files from @sysconfdir@/sudoers.d ## (the '#' here does not indicate a comment) #includedir @sysconfdir@/sudoers.d ++++++ sudo.pamd ++++++ #%PAM-1.0 auth include common-auth account include common-account password include common-password session include common-session # session optional pam_xauth.so ++++++ sudoers2ldif-env.patch ++++++ Index: sudo-1.8.0/plugins/sudoers/sudoers2ldif =================================================================== --- sudo-1.8.0.orig/plugins/sudoers/sudoers2ldif +++ sudo-1.8.0/plugins/sudoers/sudoers2ldif @@ -1,4 +1,4 @@ -#!/usr/bin/env perl +#!/usr/bin/perl use strict; # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org