commit sudo for openSUSE:Factory

2020-09-14 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-09-14 12:03:54

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.4249 (New)


Package is "sudo"

Mon Sep 14 12:03:54 2020 rev:115 rq:833520 version:1.9.2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-09-01 
20:05:43.524546312 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.4249/sudo.changes  2020-09-14 
12:05:30.651760510 +0200
@@ -1,0 +2,7 @@
+Mon Sep  7 08:01:05 UTC 2020 - Marco Varlese 
+
+- Modified the secure_path to include the other two default paths 
+  which are commonly available to $user. This will offer a better
+  and more consistent UX.
+
+---



Other differences:
--

++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.sOLckM/_old  2020-09-14 12:05:31.367761246 +0200
+++ /var/tmp/diff_new_pack.sOLckM/_new  2020-09-14 12:05:31.367761246 +0200
@@ -34,7 +34,7 @@
 +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
 +## Path that will be used for every command run from sudo
-+Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
++Defaults 
secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
 +Defaults env_reset
 +## Change env_reset to !env_reset in previous line to keep all environment 
variables
 +## Following list will no longer be necessary after this change




commit sudo for openSUSE:Factory

2020-09-01 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-09-01 20:04:43

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.3399 (New)


Package is "sudo"

Tue Sep  1 20:04:43 2020 rev:114 rq:830736 version:1.9.2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-07-28 
17:24:06.949821512 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.3399/sudo.changes  2020-09-01 
20:05:43.524546312 +0200
@@ -1,0 +2,5 @@
+Tue Aug 25 10:10:10 UTC 2020 - o...@aepfle.de
+
+- This rpm packages decides about the permissions of /etc/sudoers.d
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.XjPABk/_old  2020-09-01 20:05:44.912546961 +0200
+++ /var/tmp/diff_new_pack.XjPABk/_new  2020-09-01 20:05:44.916546963 +0200
@@ -195,7 +195,7 @@
 %{_mandir}/man8/sudo_sendlog.8%{?ext_man}
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
-%dir %{_sysconfdir}/sudoers.d
+%attr(0750,root,root) %dir %{_sysconfdir}/sudoers.d
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo.conf
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sudo_logsrvd.conf
 %if %{defined use_usretc}





commit sudo for openSUSE:Factory

2020-07-28 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-07-28 17:23:34

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.3592 (New)


Package is "sudo"

Tue Jul 28 17:23:34 2020 rev:113 rq:822941 version:1.9.2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-07-06 
16:14:00.788346045 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.3592/sudo.changes  2020-07-28 
17:24:06.949821512 +0200
@@ -1,0 +2,16 @@
+Fri Jul 24 08:47:34 UTC 2020 - Paolo Stivanin 
+
+- Update to 1.9.2:
+  * The configure script now uses pkg-config to find the openssl cflags
+and libs where possible.
+  * The contents of the log.json I/O log file is now documented in
+the sudoers manual.
+  * The sudoers plugin now properly exports the sudoers_audit symbol
+on systems where the compiler lacks symbol visibility controls.
+This caused a regression in 1.9.1 where a successful sudo command
+was not logged due to the missing audit plugin. Bug #931.
+  * Fixed a regression introduced in 1.9.1 that can result in crash
+when there is a syntax error in the sudoers file. Bug #934.
+- Rebase sudo-sudoers.patch
+
+---

Old:

  sudo-1.9.1.tar.gz
  sudo-1.9.1.tar.gz.sig

New:

  sudo-1.9.2.tar.gz
  sudo-1.9.2.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.Hz1bRy/_old  2020-07-28 17:24:08.361823114 +0200
+++ /var/tmp/diff_new_pack.Hz1bRy/_new  2020-07-28 17:24:08.365823118 +0200
@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:   sudo
-Version:1.9.1
+Version:1.9.2
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.9.1.tar.gz -> sudo-1.9.2.tar.gz ++
 24660 lines of diff (skipped)

++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.Hz1bRy/_old  2020-07-28 17:24:09.005823845 +0200
+++ /var/tmp/diff_new_pack.Hz1bRy/_new  2020-07-28 17:24:09.005823845 +0200
@@ -67,7 +67,7 @@
  ##
  ## Runas alias specification
  ##
-@@ -84,14 +83,6 @@ root ALL=(ALL) ALL
+@@ -84,13 +84,5 @@
  ## Same thing without a password
  # %wheel ALL=(ALL) NOPASSWD: ALL
  
@@ -80,8 +80,7 @@
 -# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults 
targetpw'
 -
  ## Read drop-in files from @sysconfdir@/sudoers.d
- ## (the '#' here does not indicate a comment)
- #includedir @sysconfdir@/sudoers.d
+ @includedir @sysconfdir@/sudoers.d
 Index: sudo-1.8.31/doc/sudoers.mdoc.in
 ===
 --- sudo-1.8.31.orig/doc/sudoers.mdoc.in




commit sudo for openSUSE:Factory

2020-07-06 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-07-06 16:13:54

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.3060 (New)


Package is "sudo"

Mon Jul  6 16:13:54 2020 rev:112 rq:818179 version:1.9.1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-06-25 
16:46:56.260874981 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.3060/sudo.changes  2020-07-06 
16:14:00.788346045 +0200
@@ -1,0 +2,6 @@
+Mon Jun 29 14:07:41 UTC 2020 - Thorsten Kukuk 
+
+- Move python plugin support to own sub-package, we don't want
+  python in a really minimal system [bsc#1173200]
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.D0De2X/_old  2020-07-06 16:14:01.524348301 +0200
+++ /var/tmp/diff_new_pack.D0De2X/_new  2020-07-06 16:14:01.528348313 +0200
@@ -49,6 +49,7 @@
 BuildRequires:  zlib-devel
 Requires(pre):  coreutils
 Requires(pre):  permissions
+Recommends: sudo-plugin-python
 
 %description
 Sudo is a command that allows users to execute some commands as root.
@@ -59,6 +60,16 @@
 given time N (where N is defined at installation and is set to 5
 minutes by default).
 
+%package plugin-python
+Summary:Plugin API for python
+Group:  System/Base
+Requires:   %{name} = %{version}
+
+%description plugin-python
+This package contains the sudo plugin which allows to write sudo plugins
+in python. The API closely follows the C sudo plugin API described by
+sudo_plugin(5).
+
 %package devel
 Summary:Header files needed for sudo plugin development
 Group:  Development/Libraries/C and C++
@@ -181,7 +192,6 @@
 %{_mandir}/man5/sudo_logsrv.proto.5%{?ext_man}
 %{_mandir}/man5/sudo_logsrvd.conf.5%{?ext_man}
 %{_mandir}/man8/sudo_logsrvd.8%{?ext_man}
-%{_mandir}/man8/sudo_plugin_python.8%{?ext_man}
 %{_mandir}/man8/sudo_sendlog.8%{?ext_man}
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
@@ -214,13 +224,16 @@
 %{_libexecdir}/%{name}/%{name}/system_group.so
 %{_libexecdir}/%{name}/%{name}/audit_json.so
 %{_libexecdir}/%{name}/%{name}/sample_approval.so
-%{_libexecdir}/%{name}/%{name}/python_plugin.so
 %{_libexecdir}/%{name}/libsudo_util.so.*
 %attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
 %attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
 %dir %{_tmpfilesdir}
 %{_tmpfilesdir}/sudo.conf
 
+%files plugin-python
+%{_mandir}/man8/sudo_plugin_python.8%{?ext_man}
+%{_libexecdir}/%{name}/%{name}/python_plugin.so
+
 %files devel
 %doc plugins/sample/sample_plugin.c
 %{_includedir}/sudo_plugin.h





commit sudo for openSUSE:Factory

2020-06-25 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-06-25 16:46:26

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.3060 (New)


Package is "sudo"

Thu Jun 25 16:46:26 2020 rev:111 rq:816529 version:1.9.1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-05-20 
18:37:25.820226682 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.3060/sudo.changes  2020-06-25 
16:46:56.260874981 +0200
@@ -1,0 +2,58 @@
+Fri Jun 19 07:13:21 UTC 2020 - Vítězslav Čížek 
+
+- Update to 1.9.1
+  * Fixed an AIX-specific problem when I/O logging was enabled.
+ The terminal device was not being properly set to raw mode.
+ Bug #927.
+   * Corrected handling of sudo_logsrvd connections without associated
+ I/O log data.  This fixes support for RejectMessage as well as
+ AcceptMessage when the expect_iobufs flag is not set.
+   * Added an "iolog_path" entry to the JSON-format event log produced
+ by sudo_logsrvd.  Previously, it was only possible to determine
+ the I/O log file an event belonged to using sudo-format logs.
+   * Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
+   * I/O log files produced by the sudoers plugin now clear the write
+ bits on the I/O log timing file when the log is complete.  This
+ is consistent with how sudo_logsrvd indicates that a log is
+ complete.
+   * The sudoreplay utility has a new "-F" (follow) command line
+ option to allow replaying a session that is still in progress,
+ similar to "tail -f".
+   * The @include and @includedir directives can be used in sudoers
+ instead of #include and #includedir.  In addition, include paths
+ may now have embedded white space by either using a double-quoted
+ string or escaping the space characters with a backslash.
+   * When running a command in a pty, sudo will no longer try to
+ suspend itself if the user's tty has been revoked (for instance
+ when the parent ssh daemon is killed).  This fixes a bug where
+ sudo would continuously suspend the command (which would succeed),
+ then suspend itself (which would fail due to the missing tty)
+ and then resume the command.
+   * If sudo's event loop fails due to the tty being revoked, remove
+ the user's tty events and restart the event loop (once).  This
+ fixes a problem when running "sudo reboot" in a pty on some
+ systems.  When the event loop exited unexpectedly, sudo would
+ kill the command running in the pty, which in the case of "reboot",
+ could lead to the system being in a half-rebooted state.
+   * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
+ SSSD back-ends where a missing sudoHost attribute was treated
+ as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
+ is now ignored as it was prior to version 1.8.23.
+   * The audit plugin API has been changed slightly.  The sudo front-end
+ now audits an accept event itself after all approval plugins are
+ run and the I/O logging plugins (if any) are opened.  This makes
+ it possible for an audit plugin to only log a single overall
+ accept event if desired.
+   * The sudoers plugin can now be loaded as an audit plugin.  Logging
+ of successful commands is now performed in the audit plugin's
+ accept function.  As a result, commands are now only logged if
+ allowed by sudoers and all approval plugins.  Commands rejected
+ by an approval plugin are now also logged by the sudoers plugin.
+   * Romanian translation for sudo and sudoers from translationproject.org.
+   * Fixed a regression introduced in sudo 1.9.0 where sudoedit did
+ not remove its temporary files after installing them.  Bug #929.
+   * Fixed a regression introduced in sudo 1.9.0 where the iolog_file
+ setting in sudoers and sudo_logsrvd.conf caused an error if the
+ file name ended in six or more X's.
+
+---

Old:

  sudo-1.9.0.tar.gz
  sudo-1.9.0.tar.gz.sig

New:

  sudo-1.9.1.tar.gz
  sudo-1.9.1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.sbjzgE/_old  2020-06-25 16:46:56.816876934 +0200
+++ /var/tmp/diff_new_pack.sbjzgE/_new  2020-06-25 16:46:56.820876948 +0200
@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:   sudo
-Version:1.9.0
+Version:1.9.1
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.9.0.tar.gz -> sudo-1.9.1.tar.gz ++
 86811 lines of diff (skipped)




commit sudo for openSUSE:Factory

2020-05-20 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-05-20 18:37:15

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.2738 (New)


Package is "sudo"

Wed May 20 18:37:15 2020 rev:110 rq:807048 version:1.9.0

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-05-09 
19:52:26.244848575 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.2738/sudo.changes  2020-05-20 
18:37:25.820226682 +0200
@@ -1,0 +2,17 @@
+Mon May 18 20:37:03 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.9.0 (current stable release)
+  * for changes between version 1.9.0 and 1.8.31p1 see rc changes
+below
+
+---
+Mon May 11 08:15:17 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.9.0rc5
+  * The default TLS listener is now only enabled when either the
+TLS certificate file is explicitly specified in sudo_logsrvd.conf
+or the default TLS certificate file exists in the file system.
+There is no change in behavior for listen_address entries
+explicitly set in the configuration file. 
+
+---

Old:

  sudo-1.9.0rc4.tar.gz
  sudo-1.9.0rc4.tar.gz.sig

New:

  sudo-1.9.0.tar.gz
  sudo-1.9.0.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.haIMRc/_old  2020-05-20 18:37:27.256229691 +0200
+++ /var/tmp/diff_new_pack.haIMRc/_new  2020-05-20 18:37:27.256229691 +0200
@@ -22,14 +22,14 @@
 %define use_usretc 1
 %endif
 Name:   sudo
-Version:1.9.0rc4
+Version:1.9.0
 Release:0
 Summary:Execute some commands as root
 License:ISC
 Group:  System/Base
 URL:https://www.sudo.ws/
-Source0:https://www.sudo.ws/dist/beta/%{name}-%{version}.tar.gz
-Source1:https://www.sudo.ws/dist/beta/%{name}-%{version}.tar.gz.sig
+Source0:https://www.sudo.ws/dist/%{name}-%{version}.tar.gz
+Source1:https://www.sudo.ws/dist/%{name}-%{version}.tar.gz.sig
 Source2:%{name}.keyring
 Source3:sudo.pamd
 Source4:sudo-i.pamd

++ sudo-1.9.0rc4.tar.gz -> sudo-1.9.0.tar.gz ++
 3028 lines of diff (skipped)
retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude 
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh 
old/sudo-1.9.0rc4/ChangeLog new/sudo-1.9.0/ChangeLog
--- old/sudo-1.9.0rc4/ChangeLog 2020-05-07 05:14:31.0 +0200
+++ new/sudo-1.9.0/ChangeLog2020-05-11 18:29:28.0 +0200
@@ -1,3 +1,66 @@
+2020-05-11  Todd C. Miller  
+
+   * .hgtags:
+   Added tag SUDO_1_9_0 for changeset 706d726a2f8e
+   [d1f2b4ee59d5] [tip] <1.9>
+
+   * MANIFEST, include/sudo_iolog.h, include/sudo_util.h,
+   lib/iolog/Makefile.in, lib/iolog/host_port.c,
+   lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in,
+   lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c,
+   lib/util/util.exp.in, logsrvd/logsrvd_conf.c,
+   plugins/sudoers/iolog_client.c:
+   Rename sudo_parse_host_port -> iolog_parse_host_port and mv to
+   lib/iolog It is not used outside of the I/O log client and server
+   and the host:port syntax may change in the future.
+   [706d726a2f8e] [SUDO_1_9_0]
+
+   * plugins/sudoers/sudoreplay.c:
+   Remove duplicate inclusion of time.h
+   [f560858325d5]
+
+2020-05-08  Todd C. Miller  
+
+   * doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
+   logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
+   plugins/sudoers/iolog_client.c:
+   Only enable TLS listener by default if we have a cert for it. We
+   want the log server to work with the default configuration. If the
+   default certificate path exists, it will be used with the default
+   listener. If the user explicitly enabled a TLS listener we always
+   attempt to use it. If TLS was specified but no cert file was set,
+   the default location will be used (and an error will occur if the
+   cert cannot be loaded).
+   [16ade34c38ee]
+
+2020-05-07  Todd C. Miller  
+
+   * plugins/sudoers/po/sudoers.pot, po/sudo.pot:
+   regen for 1.9.0 final
+   [99e507035253]
+
+   * logsrvd/Makefile.in:
+   regen
+   [555d817825b0]
+
+   * doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
+   The --preserve-env=list option may be specified more than once.
+  

commit sudo for openSUSE:Factory

2020-05-09 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-05-09 19:52:18

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.2738 (New)


Package is "sudo"

Sat May  9 19:52:18 2020 rev:109 rq:801234 version:1.9.0rc4

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-04-22 
20:43:10.742239518 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.2738/sudo.changes  2020-05-09 
19:52:26.244848575 +0200
@@ -1,0 +2,36 @@
+Thu May  7 12:14:26 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.9.0rc4
+  * Various spelling fixes. Bug #925.
+  * The struct passwd passed to PAM session modules is now looked up
+by user name, not user-ID, when possible. Fixes a problem with
+the pam_limits module and configurations where multiple user names
+share the same ID. Debian bug #734752.
+  * Sudo command line options that take a value may only be specified
+once. This is to help guard against problems caused by poorly
+written scripts that invoke sudo with user-controlled input. Bug #924. 
+
+---
+Wed May  6 07:37:58 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.9.0rc3
+  * The sudo-logsrvd package now installs a systemd service on Linux
+distros that use systemd.
+  * The I/O plugin is now closed before the policy plugin on command
+exit.
+  * When copying the edited files to the original path, sudoedit now
+allocates any additional space needed before writing. Previously,
+it could truncate the destination file if the file system was
+full. Bug #922.
+  * Fixed a compilation issue with Python 3.8.
+  * Changed how TLS connections are made to the log server. Instead
+of using a starttls type approach where TLS and plaintext
+connections share the same point we now use separate ports for
+plaintext and TLS connections. A (tls) flag can be specified after
+the host:port to indicate that the connection should be secured
+with TLS. This avoids a potention man-in-the-middle attack that
+could cause the connection to be forced into plaintext mode.
+Unfortunately, this change breaks compatibility with the
+previous release candidates.
+
+---

Old:

  sudo-1.9.0rc2.tar.gz
  sudo-1.9.0rc2.tar.gz.sig

New:

  sudo-1.9.0rc4.tar.gz
  sudo-1.9.0rc4.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.FYBpx8/_old  2020-05-09 19:52:27.316850876 +0200
+++ /var/tmp/diff_new_pack.FYBpx8/_new  2020-05-09 19:52:27.320850884 +0200
@@ -22,7 +22,7 @@
 %define use_usretc 1
 %endif
 Name:   sudo
-Version:1.9.0rc2
+Version:1.9.0rc4
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.9.0rc2.tar.gz -> sudo-1.9.0rc4.tar.gz ++
 12495 lines of diff (skipped)




commit sudo for openSUSE:Factory

2020-04-22 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-04-22 20:43:08

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.2738 (New)


Package is "sudo"

Wed Apr 22 20:43:08 2020 rev:108 rq:794970 version:1.9.0rc2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-03-19 
19:49:11.612145813 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.2738/sudo.changes  2020-04-22 
20:43:10.742239518 +0200
@@ -1,0 +2,81 @@
+Fri Apr 17 17:07:06 UTC 2020 - Kristyna Streitova 
+
+- build with enable-python to support python plugins 
+
+---
+Fri Apr 17 11:51:49 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.9.0rc2
+  * Fixed a test failure in the strsig_test regress test on FreeBSD.
+  * Sudo now includes a logging daemon, sudo_logsrvd, which can be
+used to implement centralized logging of I/O logs.  TLS connections
+are supported when sudo is configured with the --enable-openssl
+option.  For more information, see the sudo_logsrvd, logsrvd.conf
+and sudo_logsrv.proto manuals as well as the log_servers setting
+in the sudoers manual.
+The --disable-log-server and --disable-log-client configure
+options can be used to disable building the I/O log server and/or
+remote I/O log support in the sudoers plugin.
+  * The new sudo_sendlog utility can be used to test sudo_logsrvd
+or send existing sudo I/O logs to a centralized server.
+  * It is now possible to write sudo plugins in Python 3 when sudo
+is configured with the --enable-python> option.  See the
+sudo_plugin_python.man.html manual for details.
+Sudo 1.9.0 comes with several Python example plugins that get
+installed sudo's examples directory.
+The sudo blog article "What's new in sudo 1.9: Python"
+(https://blog.sudo.ws/posts/2020/01/whats-new-in-sudo-1.9-python/)
+includes a simple tutorial on writing python plugins.
+  * Sudo now supports an "audit" plugin type.  An audit plugin
+receives accept, reject, exit and error messages and can be used
+to implement custom logging that is independent of the underlying
+security policy.   Multiple audit plugins may be specified in
+the sudo.conf file.  A sample audit plugin is included that
+writes logs in JSON format.
+  * Sudo now supports an "approval" plugin type.  An approval plugin
+is run only after the main security policy (such as sudoers) accepts
+a command to be run.  The approval policy may perform additional
+checks, potentially interacting with the user.  Multiple approval
+plugins may be specified in the sudo.conf file.  Only if all
+approval plugins succeed will the command be allowed.
+  * Sudo's -S command line option now causes the sudo conversation
+function to write to the standard output or standard error instead
+of the terminal device.
+  * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias" for
+people who find the former more natural.
+  * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
+to enable or disable setting the PAM remote user and/or host
+values during PAM session setup.
+  * More than one SHA-2 digest may now be specified for a single
+command.  Multiple digests must be separated by a comma.
+  * It is now possible to specify a SHA-2 digest in conjunction with
+the "ALL" reserved word in a command specification.  This allows
+one to give permission to run any command that matches the
+specified digest, regardless of its path.
+  * Sudo and sudo_logsrvd now create an extended I/O log info file
+in JSON format that contains additional information about the
+command that was run, such as the host name.  The sudoreplay
+utility uses this file in preference to the legacy log file.
+  * The sudoreplay utility can now match on a host name in list mode.
+The list output also now includes the host name if one is present
+in the log file.
+  * For "sudo -i", if the target user's home directory does not
+exist, sudo will now warn about the problem but run the command
+in the current working directory.  Previously, this was a fatal
+error.  Debian bug #598519.
+  * The command line arguments in the SUDO_COMMAND environment
+variable are now truncated at 4096 characters.  This avoids an
+"Argument list too long" error when executing a command with a
+large number of arguments.  Debian bug #596631.
+  * Sudo now properly ends the PAM transaction when the user
+authenticates successfully but sudoers denies the command.
+Debian bug #669687.
+  * The sudoers grammar in the manual now indicates that "sudoedit"
+requires one or more arguments.  Debian bug 

commit sudo for openSUSE:Factory

2020-03-19 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-03-19 19:45:31

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.3160 (New)


Package is "sudo"

Thu Mar 19 19:45:31 2020 rev:107 rq:785885 version:1.8.31p1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2020-02-15 
22:23:42.279254068 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.3160/sudo.changes  2020-03-19 
19:49:11.612145813 +0100
@@ -1,0 +2,10 @@
+Tue Mar 17 07:46:06 UTC 2020 - Paolo Stivanin 
+
+- Update to 1.8.31p1
+  * Sudo once again ignores a failure to restore the RLIMIT_CORE
+resource limit, as it did prior to version 1.8.29.
+Linux containers don't allow RLIMIT_CORE to be set back to
+RLIM_INFINITY if we set the limit to zero, even for root,
+which resulted in a warning from sudo.
+
+---

Old:

  sudo-1.8.31.tar.gz
  sudo-1.8.31.tar.gz.sig

New:

  sudo-1.8.31p1.tar.gz
  sudo-1.8.31p1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.Zo3r8t/_old  2020-03-19 19:49:12.408146273 +0100
+++ /var/tmp/diff_new_pack.Zo3r8t/_new  2020-03-19 19:49:12.412146274 +0100
@@ -23,7 +23,7 @@
 %endif
 
 Name:   sudo
-Version:1.8.31
+Version:1.8.31p1
 Release:0
 Summary:Execute some commands as root
 License:ISC




commit sudo for openSUSE:Factory

2020-02-15 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2020-02-15 22:23:40

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.26092 (New)


Package is "sudo"

Sat Feb 15 22:23:40 2020 rev:106 rq:772143 version:1.8.31

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2019-12-18 
14:45:36.101864060 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.26092/sudo.changes 2020-02-15 
22:23:42.279254068 +0100
@@ -1,0 +2,76 @@
+Thu Feb  6 19:21:23 UTC 2020 - Kristyna Streitova 
+
+- Update to 1.8.31
+  Major changes between version 1.8.31 and 1.8.30:
+  * This version fixes a potential security issue that can lead to
+a buffer overflow if the pwfeedback option is enabled in
+sudoers [CVE-2019-18634] [bsc#1162202]
+  * The sudoedit_checkdir option now treats a user-owned directory
+as writable, even if it does not have the write bit set at the
+time of check. Symbolic links will no longer be followed by
+sudoedit in any user-owned directory. Bug #912.
+  * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
+at the password prompt. Bug #914.
+  * Fixed compilation on systems where the mmap MAP_ANON flag is
+not available. Bug #915.
+  Major changes between version 1.8.30 and 1.8.29:
+  * Sudo now closes file descriptors before changing uids. This
+prevents a non-root process from interfering with sudo's ability
+to close file descriptors on systems that support the prlimit(2)
+system call.
+  * Sudo now treats an attempt to run sudo sudoedit as simply
+sudoedit If the sudoers file contains a fully-qualified path
+to sudoedit, sudo will now treat it simply as sudoedit
+(with no path). Visudo will will now treat a fully-qualified
+path to sudoedit as an error. Bug #871.
+  * Fixed a bug introduced in sudo 1.8.28 where sudo would warn
+about a missing /etc/environment file on AIX and Linux when
+PAM is not enabled. Bug #907.
+  * Fixed a bug on Linux introduced in sudo 1.8.29 that prevented
+the askpass program from running due to an unlimited stack size
+resource limit. Bug #908.
+  * If a group provider plugin has optional arguments, the argument
+list passed to the plugin is now NULL terminated as per the
+documentation.
+  * The user's time stamp file is now only updated if both authentication
+and approval phases succeed. This is consistent with the behavior
+of sudo prior to version 1.8.23. Bug #910.
+  * The new allow_unknown_runas_id sudoers setting can be used to
+enable or disable the use of unknown user or group IDs.
+Previously, sudo would always allow unknown user or group IDs if
+the sudoers entry permitted it, including via the ALL alias.
+As of sudo 1.8.30, the admin must explicitly enable support for
+unknown IDs.
+  * The new runas_check_shell sudoers setting can be used to require
+that the runas user have a shell listed in the /etc/shells file.
+On many systems, users such as bin, do not have a valid shell and
+this flag can be used to prevent commands from being run as
+those users.
+  * Fixed a problem restoring the SELinux tty context during reboot
+if mctransd is killed before sudo finishes. GitHub Issue #17.
+  * Fixed an intermittent warning on NetBSD when sudo restores the
+initial stack size limit.
+  Major changes between version 1.8.29 and 1.8.28p1:
+  * The cvtsudoers command will now reject non-LDIF input when
+converting from LDIF format to sudoers or JSON formats.
+  * The new log_allowed and log_denied sudoers settings make it
+possible to disable logging and auditing of allowed and/or
+denied commands.
+  * The umask is now handled differently on systems with PAM or
+login.conf. If the umask is explicitly set in sudoers, that
+value is used regardless of what PAM or login.conf may specify.
+However, if the umask is not explicitly set in sudoers, PAM or
+login.conf may now override the default sudoers umask. Bug #900.
+  * For make install, the sudoers file is no longer checked for syntax
+errors when DESTDIR is set. The default sudoers file includes the
+contents of /etc/sudoers.d which may not be readable as non-root.
+Bug #902.
+  * Sudo now sets most resource limits to their maximum value to avoid
+problems caused by insufficient resources, such as an inability to
+allocate memory or open files and pipes. Fixed a regression introduced
+in sudo 1.8.28 where sudo would refuse to run if the parent process was
+not associated with a session. This was due to sudo passing a session
+ID of -1 to the plugin.
+- refresh sudo-sudoers.patch
+
+---

Old:

  

commit sudo for openSUSE:Factory

2019-12-18 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2019-12-18 14:43:05

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.4691 (New)


Package is "sudo"

Wed Dec 18 14:43:05 2019 rev:105 rq:756015 version:1.8.28p1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2019-10-30 
14:42:18.777830997 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.4691/sudo.changes  2019-12-18 
14:45:36.101864060 +0100
@@ -1,0 +2,5 @@
+Fri Dec  6 08:38:45 UTC 2019 - Thorsten Kukuk 
+
+- Move pam.d/sudo* files to /usr/etc
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.4lyDzG/_old  2019-12-18 14:45:38.045864949 +0100
+++ /var/tmp/diff_new_pack.4lyDzG/_new  2019-12-18 14:45:38.057864955 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,6 +16,12 @@
 #
 
 
+%if ! %{defined _distconfdir}
+%define _distconfdir %{_sysconfdir}
+%else
+%define use_usretc 1
+%endif
+
 Name:   sudo
 Version:1.8.28p1
 Release:0
@@ -109,9 +115,9 @@
 
 %install
 %make_install install_uid=`id -u` install_gid=`id -g`
-install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
-install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
+install -d -m 755 %{buildroot}%{_distconfdir}/pam.d
+install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/sudo
+install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/sudo-i
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
@@ -133,6 +139,21 @@
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
 rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
 
+%if %{defined use_usretc}
+%pre
+# move outdated pam.d/*.rpmsave files away
+for i in sudo sudo-i ; do
+test -f /etc/pam.d/${i}.rpmsave && mv -v /etc/pam.d/${i}.rpmsave 
/etc/pam.d/${i}.rpmsave.old ||:
+done
+
+%posttrans
+# Migration to /usr/etc.
+for i in  sudo sudo-i ; do
+  test -f /etc/pam.d/${i}.rpmsave && mv -v /etc/pam.d/${i}.rpmsave 
/etc/pam.d/${i} ||:
+done
+
+%endif
+
 %post
 chmod 0440 %{_sysconfdir}/sudoers
 %if 0%{?suse_version} <= 1130
@@ -160,8 +181,13 @@
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
+%if %{defined use_usretc}
+%{_distconfdir}/pam.d/sudo
+%{_distconfdir}/pam.d/sudo-i
+%else
 %config(noreplace) %{_sysconfdir}/pam.d/sudo
 %config(noreplace) %{_sysconfdir}/pam.d/sudo-i
+%endif
 %attr(4755,root,root) %{_bindir}/sudo
 %dir %{_sysconfdir}/openldap
 %dir %{_sysconfdir}/openldap/schema





commit sudo for openSUSE:Factory

2019-10-30 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2019-10-30 14:42:14

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.2990 (New)


Package is "sudo"

Wed Oct 30 14:42:14 2019 rev:104 rq:743446 version:1.8.28p1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2019-08-27 
15:20:48.368858384 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.2990/sudo.changes  2019-10-30 
14:42:18.777830997 +0100
@@ -1,0 +2,66 @@
+Wed Oct 16 15:08:29 UTC 2019 - Vítězslav Čížek 
+
+- Update to 1.8,28p1
+  * The fix for Bug #869 caused "sudo -v" to prompt for a password
+when "verifypw" is set to "all" (the default) and all of the
+user's sudoers entries are marked with NOPASSWD.  Bug #901.
+
+---
+Mon Oct 14 15:10:21 UTC 2019 - Vítězslav Čížek 
+
+- Update to 1.8.28
+ * Fixed CVE-2019-14287 (bsc#1153674),
+   a bug where a sudo user may be able to
+   run a command as root when the Runas specification explicitly
+   disallows root access as long as the ALL keyword is listed first.
+   * Sudo will now only set PAM_TTY to the empty string when no
+   terminal is present on Solaris and Linux.  This workaround is
+   only needed on those systems which may have PAM modules that
+   misbehave when PAM_TTY is not set.
+ * The mailerflags sudoers option now has a default value even if
+   sendmail support was disabled at configure time.  Fixes a crash
+   when the mailerpath sudoers option is set but mailerflags is not.
+   Bug #878.
+ * Sudo will now filter out last login messages on HP-UX unless it
+   a shell is being run via "sudo -s" or "sudo -i".  Otherwise,
+   when trusted mode is enabled, these messages will be displayed
+   for each command.
+ * Sudo has a new -B command line option that will ring the terminal
+   bell when prompting for a password.
+ * Sudo no longer refuses to prompt for a password when it cannot
+   determine the user's terminal as long as it can open /dev/tty.
+   This allows sudo to function on systems where /proc is unavailable,
+   such as when running in a chroot environment.
+ * The "env_editor" sudoers flag is now on by default.  This makes
+   source builds more consistent with the packages generated by
+   sudo's mkpkg script.
+ * Fixed a bad interaction with configure's --prefix and
+   --disable-shared options.  Bug #886.
+ * More verbose error message when a password is required and no terminal
+   is present.  Bug #828.
+ * Command tags, such as NOPASSWD, are honored when a user tries to run a
+   command that is allowed by sudoers but which does not actually
+   exist on the file system.  Bug #888.
+ * I/O log timing files now store signal suspend and resume information
+   in the form of a signal name instead of a number.
+ * Fixed a bug introduced in 1.8.24 that prevented sudo from honoring
+   the value of "ipa_hostname" from sssd.conf, if specified, when
+   matching the host name.
+ * Fixed a bug introduced in 1.8.21 that prevented the core dump
+   resource limit set in the pam_limits module from taking effect.
+   Bug #894.
+ * Fixed parsing of double-quoted Defaults group and netgroup bindings.
+ * The user ID is now used when matching sudoUser attributes in LDAP.
+   Previously, the user name, group name and group IDs were used
+   when matching but not the user ID.
+ * Sudo now writes PAM messages to the user's terminal, if available,
+   instead of the standard output or standard error.  This prevents
+   PAM output from being intermixed with that of the command when
+   output is sent to a file or pipe.  Bug #895.
+ * Sudoedit now honors the umask and umask_override settings in sudoers.
+   Previously, the user's umask was used as-is.
+ * Fixed a bug where the terminal's file context was not restored
+   when using SELinux RBAC.  Bug #898.
+- refresh sudo-sudoers.patch
+
+---

Old:

  sudo-1.8.27.tar.gz
  sudo-1.8.27.tar.gz.sig

New:

  sudo-1.8.28p1.tar.gz
  sudo-1.8.28p1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.NQTadz/_old  2019-10-30 14:42:19.581831852 +0100
+++ /var/tmp/diff_new_pack.NQTadz/_new  2019-10-30 14:42:19.585831857 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.27
+Version:1.8.28p1
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -173,9 +173,10 @@
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/sesh
 %{_libexecdir}/%{name}/sudo_noexec.so
-%{_libexecdir}/%{name}/sudoers.so
-%{_libexecdir}/%{name}/group_file.so
-%{_libexecdir}/%{name}/system_group.so

commit sudo for openSUSE:Factory

2019-08-27 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2019-08-27 15:20:45

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.7948 (New)


Package is "sudo"

Tue Aug 27 15:20:45 2019 rev:103 rq:724506 version:1.8.27

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2019-01-29 
14:44:29.907107848 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.7948/sudo.changes  2019-08-27 
15:20:48.368858384 +0200
@@ -1,0 +2,5 @@
+Sun Aug 18 08:08:52 UTC 2019 - Oliver Kurz 
+
+- Correct typo in sudoers patch
+
+---



Other differences:
--

++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.MsIfej/_old  2019-08-27 15:20:49.060858036 +0200
+++ /var/tmp/diff_new_pack.MsIfej/_new  2019-08-27 15:20:49.064858034 +0200
@@ -37,7 +37,7 @@
 +Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
 +Defaults env_reset
 +## Change env_reset to !env_reset in previous line to keep all environment 
variables
-+## Following list will no longer be nevessary after this change
++## Following list will no longer be necessary after this change
 +Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
 +## Comment out the preceding line and uncomment the following one if you need
 +## to use special input methods. This may allow users to compromise the root




commit sudo for openSUSE:Factory

2019-01-29 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2019-01-29 14:44:27

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.28833 (New)


Package is "sudo"

Tue Jan 29 14:44:27 2019 rev:102 rq:666133 version:1.8.27

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-11-22 
13:23:35.330121064 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new.28833/sudo.changes 2019-01-29 
14:44:29.907107848 +0100
@@ -1,0 +2,16 @@
+Sun Jan 13 19:26:23 UTC 2019 - sean...@opensuse.org
+
+- Update to 1.8.27
+  * Fixes and clarifications to the sudo plugin documentation
+  * The sudo manuls no longer require extensive post-processing
+  * If an I/O logging plugin is configured, sudo will no longer
+force the command to be run in a pseudo-tty
+  * #843 (PAM handling error) correctly fixed.
+  * In visudo, it's now possible to specify the path to sudoers
+without using the -f option (#864)
+  * Fixed a big introduced in 1.8.22 where utm/p/utmpx would not
+be updated when a command was run in a pseudo-tty (#865)
+  * Sudo now sets the silent flag when opening the PAM session 
+except when running a shell via sudo -s or sudo -i (#867)
+
+---

Old:

  sudo-1.8.26.tar.gz
  sudo-1.8.26.tar.gz.sig

New:

  sudo-1.8.27.tar.gz
  sudo-1.8.27.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.zVLjXp/_old  2019-01-29 14:44:30.411107237 +0100
+++ /var/tmp/diff_new_pack.zVLjXp/_new  2019-01-29 14:44:30.411107237 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.26
+Version:1.8.27
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.26.tar.gz -> sudo-1.8.27.tar.gz ++
 8395 lines of diff (skipped)




commit sudo for openSUSE:Factory

2018-11-22 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-11-22 13:23:26

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new.19453 (New)


Package is "sudo"

Thu Nov 22 13:23:26 2018 rev:101 rq:650509 version:1.8.26

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-10-01 
09:02:36.772038428 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.19453/sudo.changes 2018-11-22 
13:23:35.330121064 +0100
@@ -1,0 +2,25 @@
+Sat Nov 17 09:08:54 UTC 2018 - s...@suspend.net
+
+- Update to 1.8.26 
+  * Fixed a bug in cvtsudoers when converting to JSON format
+when alias exansion is enabled
+  * Sudo no longer sets the USERNAME environment variable
+when running commands
+  * Sudo now treats the LOGNAME and USER environment variables
+(as well as the LOGIN variable on AIX) as a single unit
+  * Added support for OpenLDAP TLS_REQCERT setting in ldap.conf
+  * Sudo now logs when the command was suspended and resumed 
+in the I/O logs
+  * Sudo now prints a warning message when there is an error or 
+end of file while reading the password instead of exiting
+  * Fixed a bug introduced in sudo 1.8.25 that prevented sudo 
+from properly setting the user's groups on AIX.
+  * The sudoers LDAP back-end now supports negated sudoRunAsUser 
+and sudoRunAsGroup entries
+  * Sudo now rpovides a proper error message when the "fqdn" 
+sudoers option is set and it is unable to resolve the local
+host name.
+  * Sudo now includes sudoers LDAP schema for the on-line config
+supported by OpenLDAP
+ 
+---

Old:

  sudo-1.8.25p1.tar.gz
  sudo-1.8.25p1.tar.gz.sig

New:

  sudo-1.8.26.tar.gz
  sudo-1.8.26.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.Y7DYqR/_old  2018-11-22 13:23:36.622119720 +0100
+++ /var/tmp/diff_new_pack.Y7DYqR/_new  2018-11-22 13:23:36.626119716 +0100
@@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
 Name:   sudo
-Version:1.8.25p1
+Version:1.8.26
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.25p1.tar.gz -> sudo-1.8.26.tar.gz ++
 64690 lines of diff (skipped)




commit sudo for openSUSE:Factory

2018-10-01 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-10-01 09:02:33

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Oct  1 09:02:33 2018 rev:100 rq:637025 version:1.8.25p1

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-09-13 
12:08:41.946483854 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-10-01 
09:02:36.772038428 +0200
@@ -1,0 +2,14 @@
+Wed Sep 19 15:40:24 UTC 2018 - kstreit...@suse.com
+
+- fix permissions for /var/lib/sudo and /var/lib/sudo/ts
+  [bsc#1097643]
+
+---
+Tue Sep 18 09:38:57 UTC 2018 - Marketa Calabkova 
+
+- Update to 1.8.25p1
+  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on 
+systems that have the poll() function but not the ppoll() 
+function
+
+---

Old:

  sudo-1.8.25.tar.gz
  sudo-1.8.25.tar.gz.sig

New:

  sudo-1.8.25p1.tar.gz
  sudo-1.8.25p1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.I1chii/_old  2018-10-01 09:02:37.996037364 +0200
+++ /var/tmp/diff_new_pack.I1chii/_new  2018-10-01 09:02:38.37361 +0200
@@ -17,12 +17,12 @@
 
 
 Name:   sudo
-Version:1.8.25
+Version:1.8.25p1
 Release:0
 Summary:Execute some commands as root
 License:ISC
 Group:  System/Base
-Url:https://www.sudo.ws/
+URL:https://www.sudo.ws/
 Source0:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
 Source2:%{name}.keyring
@@ -148,15 +148,15 @@
 %files -f %{name}.lang
 %license doc/LICENSE
 %doc %{_docdir}/%{name}
-%{_mandir}/man1/cvtsudoers.1%{ext_man}
-%{_mandir}/man5/sudoers.5%{ext_man}
-%{_mandir}/man5/sudo.conf.5%{ext_man}
-%{_mandir}/man5/sudoers.ldap.5%{ext_man}
-%{_mandir}/man5/sudoers_timestamp.5%{ext_man}
-%{_mandir}/man8/sudo.8%{ext_man}
-%{_mandir}/man8/sudoedit.8%{ext_man}
-%{_mandir}/man8/sudoreplay.8%{ext_man}
-%{_mandir}/man8/visudo.8%{ext_man}
+%{_mandir}/man1/cvtsudoers.1%{?ext_man}
+%{_mandir}/man5/sudoers.5%{?ext_man}
+%{_mandir}/man5/sudo.conf.5%{?ext_man}
+%{_mandir}/man5/sudoers.ldap.5%{?ext_man}
+%{_mandir}/man5/sudoers_timestamp.5%{?ext_man}
+%{_mandir}/man8/sudo.8%{?ext_man}
+%{_mandir}/man8/sudoedit.8%{?ext_man}
+%{_mandir}/man8/sudoreplay.8%{?ext_man}
+%{_mandir}/man8/visudo.8%{?ext_man}
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
@@ -177,15 +177,15 @@
 %{_libexecdir}/%{name}/group_file.so
 %{_libexecdir}/%{name}/system_group.so
 %{_libexecdir}/%{name}/libsudo_util.so.*
-%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
+%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
+%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
 %dir %{_tmpfilesdir}
 %{_tmpfilesdir}/sudo.conf
-%ghost %{_localstatedir}/lib/sudo/ts
 
 %files devel
 %doc plugins/sample/sample_plugin.c
 %{_includedir}/sudo_plugin.h
-%{_mandir}/man8/sudo_plugin.8*
+%{_mandir}/man8/sudo_plugin.8%{?ext_man}
 %attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
 %{_libexecdir}/%{name}/*.la
 




commit sudo for openSUSE:Factory

2018-09-13 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-09-13 12:08:38

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Thu Sep 13 12:08:38 2018 rev:99 rq:633589 version:1.8.25

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-08-28 
09:23:11.072592139 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-09-13 
12:08:41.946483854 +0200
@@ -1,0 +2,12 @@
+Wed Sep  5 09:02:35 UTC 2018 - Marketa Calabkova 
+
+- Update to 1.8.25
+  * I/O log timing file entries now use a monotonic timer and 
+include nanosecond precision
+  * when sudo runs a command in a pseudo-tty, the slave device is 
+now closed in the main process immediately after starting the 
+monitor process
+  * the testsudoers utility now supports querying an LDIF-format 
+policy
+
+---

Old:

  sudo-1.8.24.tar.gz
  sudo-1.8.24.tar.gz.sig

New:

  sudo-1.8.25.tar.gz
  sudo-1.8.25.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.WssMG8/_old  2018-09-13 12:08:42.462483276 +0200
+++ /var/tmp/diff_new_pack.WssMG8/_new  2018-09-13 12:08:42.466483271 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.24
+Version:1.8.25
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.24.tar.gz -> sudo-1.8.25.tar.gz ++
 10625 lines of diff (skipped)




commit sudo for openSUSE:Factory

2018-08-28 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-08-28 09:22:46

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Tue Aug 28 09:22:46 2018 rev:98 rq:630800 version:1.8.24

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-07-23 
17:57:28.525194476 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-08-28 
09:23:11.072592139 +0200
@@ -1,0 +2,10 @@
+Tue Aug 21 11:42:45 UTC 2018 - mcalabk...@suse.com
+
+- Update to 1.8.24
+  * random insults are now more random 
+  * added SUDO_CONV_PREFER_TTY flag for conversation function to 
+tell sudo to try writing to /dev/tty first
+  * cvtsudoers can now parse base64-encoded attributes in LDIF 
+files
+
+---

Old:

  sudo-1.8.23.tar.gz
  sudo-1.8.23.tar.gz.sig

New:

  sudo-1.8.24.tar.gz
  sudo-1.8.24.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.njplZW/_old  2018-08-28 09:23:12.428596368 +0200
+++ /var/tmp/diff_new_pack.njplZW/_new  2018-08-28 09:23:12.432596381 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.23
+Version:1.8.24
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.23.tar.gz -> sudo-1.8.24.tar.gz ++
 46746 lines of diff (skipped)




commit sudo for openSUSE:Factory

2018-07-23 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-07-23 17:57:23

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Jul 23 17:57:23 2018 rev:97 rq:624251 version:1.8.23

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-05-06 
14:59:58.500314757 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-07-23 
17:57:28.525194476 +0200
@@ -1,0 +2,5 @@
+Thu Jul 12 19:14:48 UTC 2018 - bwiedem...@suse.com
+
+- Build with make -B to make package build reproducible
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.k7CQKg/_old  2018-07-23 17:57:29.525193226 +0200
+++ /var/tmp/diff_new_pack.k7CQKg/_new  2018-07-23 17:57:29.529193222 +0200
@@ -104,7 +104,8 @@
 --with-passprompt="[sudo] password for %%p: " \
 --with-rundir=%{_localstatedir}/lib/sudo \
 --with-sssd
-make %{?_smp_mflags}
+# -B required to make every build give the same result - maybe from bad build 
deps in Makefiles?
+make -B %{?_smp_mflags}
 
 %install
 %make_install install_uid=`id -u` install_gid=`id -g`





commit sudo for openSUSE:Factory

2018-05-06 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-05-06 14:59:52

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Sun May  6 14:59:52 2018 rev:96 rq:603566 version:1.8.23

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-04-23 
15:24:41.585094951 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-05-06 
14:59:58.500314757 +0200
@@ -1,0 +2,9 @@
+Wed May  2 16:19:56 UTC 2018 - mich...@stroeder.com
+
+- Update to 1.8.23
+  * primarily a bug fix release
+  * new cvtsudoers utility (replaces sudoers2ldif) and converts
+between sudoers formats and perform some basic filtering.
+  * removed obsolete sudoers2ldif-env.patch
+  
+---

Old:

  sudo-1.8.22.tar.gz
  sudo-1.8.22.tar.gz.sig
  sudoers2ldif-env.patch

New:

  sudo-1.8.23.tar.gz
  sudo-1.8.23.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.8wPY6C/_old  2018-05-06 14:59:59.260286866 +0200
+++ /var/tmp/diff_new_pack.8wPY6C/_new  2018-05-06 14:59:59.264286719 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.22
+Version:1.8.23
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -31,9 +31,8 @@
 Source5:README.SUSE
 Source6:fate_313276_test.sh
 Source7:README_313276.test
-Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
-Patch1: sudo-sudoers.patch
+Patch0: sudo-sudoers.patch
 BuildRequires:  audit-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
@@ -73,7 +72,6 @@
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1
 
 %build
 %ifarch s390 s390x %{sparc}
@@ -113,7 +111,6 @@
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
 install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
 install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
-mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
@@ -150,6 +147,7 @@
 %files -f %{name}.lang
 %license doc/LICENSE
 %doc %{_docdir}/%{name}
+%{_mandir}/man1/cvtsudoers.1%{ext_man}
 %{_mandir}/man5/sudoers.5%{ext_man}
 %{_mandir}/man5/sudo.conf.5%{ext_man}
 %{_mandir}/man5/sudoers.ldap.5%{ext_man}
@@ -169,8 +167,8 @@
 %attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
 %{_bindir}/sudoedit
 %{_bindir}/sudoreplay
+%{_bindir}/cvtsudoers
 %{_sbindir}/visudo
-%attr(0755,root,root) %{_sbindir}/sudoers2ldif
 %dir %{_libexecdir}/%{name}
 %{_libexecdir}/%{name}/sesh
 %{_libexecdir}/%{name}/sudo_noexec.so

++ sudo-1.8.22.tar.gz -> sudo-1.8.23.tar.gz ++
 76388 lines of diff (skipped)




commit sudo for openSUSE:Factory

2018-04-23 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-04-23 15:24:41

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Apr 23 15:24:41 2018 rev:95 rq:597343 version:1.8.22

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-04-16 
12:43:14.881644644 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-04-23 
15:24:41.585094951 +0200
@@ -1,0 +2,13 @@
+Mon Apr 16 15:18:12 UTC 2018 - kstreit...@suse.com
+
+- integrate pam_keyinit pam module [bsc#1081947]
+  * add sudo-i.pamd PAM configuration file and install it as
+/etc/pam.d/sudo-i
+  * add "session optional pam_keyinit.so revoke" to sudo.pamd and
+"session optional pam_keyinit.so force revoke" to sudo-i.pamd
+  * add "--with-pam-login" build option to enable specific PAM
+session for "sudo -i"
+- make pam configuration files (noreplace)
+- reorganize Sources
+
+---

New:

  sudo-i.pamd



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.inXWzr/_old  2018-04-23 15:24:42.185073158 +0200
+++ /var/tmp/diff_new_pack.inXWzr/_new  2018-04-23 15:24:42.185073158 +0200
@@ -24,12 +24,13 @@
 Group:  System/Base
 Url:https://www.sudo.ws/
 Source0:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
-Source1:sudo.pamd
-Source2:README.SUSE
-Source3:fate_313276_test.sh
-Source4:README_313276.test
-Source5:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
-Source6:%{name}.keyring
+Source1:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
+Source2:%{name}.keyring
+Source3:sudo.pamd
+Source4:sudo-i.pamd
+Source5:README.SUSE
+Source6:fate_313276_test.sh
+Source7:README_313276.test
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1: sudo-sudoers.patch
@@ -88,6 +89,7 @@
 --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
 --enable-tmpfiles.d=%{_tmpfilesdir} \
 --with-pam \
+--with-pam-login \
 --with-ldap \
 --with-selinux \
 --with-linux-audit \
@@ -109,13 +111,14 @@
 %install
 %make_install install_uid=`id -u` install_gid=`id -g`
 install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/sudo
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/sudo-i
 mv %{buildroot}%{_docdir}/%{name}/sudoers2ldif %{buildroot}%{_sbindir}
 rm -f %{buildroot}%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo %{buildroot}%{_bindir}/sudoedit
 install -d -m 755 %{buildroot}%{_sysconfdir}/openldap/schema
 install -m 644 doc/schema.OpenLDAP 
%{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema
-install -m 644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/
+install -m 644 %{SOURCE5} %{buildroot}%{_docdir}/%{name}/
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
@@ -126,8 +129,8 @@
 cat sudoers.lang >> %{name}.lang
 # tests
 install -d -m 755 %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE3} %{buildroot}%{_localstatedir}/lib/tests/sudo
-install -m 755 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE6} %{buildroot}%{_localstatedir}/lib/tests/sudo
+install -m 755 %{SOURCE7} %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
 rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
@@ -158,7 +161,8 @@
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %dir %{_sysconfdir}/sudoers.d
-%config %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo
+%config(noreplace) %{_sysconfdir}/pam.d/sudo-i
 %attr(4755,root,root) %{_bindir}/sudo
 %dir %{_sysconfdir}/openldap
 %dir %{_sysconfdir}/openldap/schema


++ sudo-i.pamd ++
#%PAM-1.0
auth includecommon-auth
account  includecommon-account
password includecommon-password
session  optional   pam_keyinit.so force revoke
session  includecommon-session
# session  optional   pam_xauth.so
++ sudo.pamd ++
--- /var/tmp/diff_new_pack.inXWzr/_old  2018-04-23 15:24:42.297069091 +0200
+++ /var/tmp/diff_new_pack.inXWzr/_new  2018-04-23 15:24:42.297069091 +0200
@@ -2,5 +2,6 @@
 auth includecommon-auth
 account  include

commit sudo for openSUSE:Factory

2018-04-16 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-04-16 12:43:13

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Apr 16 12:43:13 2018 rev:94 rq:594820 version:1.8.22

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-02-19 
13:04:19.070828337 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-04-16 
12:43:14.881644644 +0200
@@ -1,0 +2,5 @@
+Wed Apr  4 11:47:35 CEST 2018 - ku...@suse.de
+
+- Use %license instead of %doc [bsc#1082318]
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.DYv6fQ/_old  2018-04-16 12:43:15.797611313 +0200
+++ /var/tmp/diff_new_pack.DYv6fQ/_new  2018-04-16 12:43:15.801611168 +0200
@@ -130,6 +130,7 @@
 install -m 755 %{SOURCE4} %{buildroot}%{_localstatedir}/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
+rm -fv %{buildroot}%{_docdir}/%{name}/LICENSE
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers
@@ -144,6 +145,7 @@
 %verify_permissions -e %{_bindir}/sudo
 
 %files -f %{name}.lang
+%license doc/LICENSE
 %doc %{_docdir}/%{name}
 %{_mandir}/man5/sudoers.5%{ext_man}
 %{_mandir}/man5/sudo.conf.5%{ext_man}





commit sudo for openSUSE:Factory

2018-02-19 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-02-19 13:03:47

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Feb 19 13:03:47 2018 rev:93 rq:578010 version:1.8.22

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2018-02-16 
21:40:14.948658827 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-02-19 
13:04:19.070828337 +0100
@@ -1,0 +2,6 @@
+Mon Feb 19 08:08:02 UTC 2018 - dims...@opensuse.org
+
+- Fix sudo prompt: escape %p into %%p to ensure 'p' is not wrapped
+  and interpreted as being an rpm variable (boo#1081470).
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.WIOj1k/_old  2018-02-19 13:04:20.486777272 +0100
+++ /var/tmp/diff_new_pack.WIOj1k/_new  2018-02-19 13:04:20.490777128 +0100
@@ -101,7 +101,7 @@
 --with-sudoers-mode=0440 \
 --with-env-editor \
 --without-secure-path \
---with-passprompt="[sudo] password for %{p}: " \
+--with-passprompt="[sudo] password for %%p: " \
 --with-rundir=%{_localstatedir}/lib/sudo \
 --with-sssd
 make %{?_smp_mflags}





commit sudo for openSUSE:Factory

2018-02-16 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2018-02-16 21:40:11

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Fri Feb 16 21:40:11 2018 rev:92 rq:576060 version:1.8.22

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-12-13 
11:57:58.269829104 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2018-02-16 
21:40:14.948658827 +0100
@@ -1,0 +2,71 @@
+Tue Feb 13 11:33:04 UTC 2018 - kstreit...@suse.com
+
+- The sudo distribution files are now signed with a new pgp key.
+  Refresh sudo.keyring
+
+---
+Wed Jan 24 00:44:24 UTC 2018 - avin...@opensuse.org
+
+- Update to 1.8.22 [bsc#1080793]
+  * Commands run in the background from a script run via sudo will
+no longer receive SIGHUP when the parent exits and I/O logging
+is enabled
+  * A particularly offensive insult is now disabled by default
+  * The description of sudo -i now correctly documents that the
+env_keep and env_check sudoers options are applied to the
+environment
+  * Fixed a crash when the system's host name is not set
+  * The sudoers2ldif script now handles #include and #includedir
+directives.
+  * Fixed a bug where sudo would silently exit when the command
+was not allowed by sudoers and the passwd_tries sudoers option
+was set to a value less than one.
+  * Fixed a bug with the listpw and verifypw sudoers options and
+multiple sudoers sources. If the option is set to all a
+password should be required unless none of a user's sudoers
+entries from any source require authentication.
+  * Fixed a bug with the listpw and verifypw sudoers options in
+the LDAP and SSSD back-ends. If the option is set to any and
+the entry contained multiple rules, only the first matching
+rule was checked. If an entry contained more than one matching
+rule and the first rule required authentication but a
+subsequent rule did not, sudo would prompt for a password when
+it should not have.
+  * When running a command as the invoking user (not root), sudo
+would execute the command with the same group vector it was
+started with. Sudo now executes the command with a new group
+vector based on the group database which is consistent with how
+su(1) operates.
+  * Fixed a double free in the SSSD back-end that could occur when
+ipa_hostname is present in sssd.conf and is set to an unqualified
+host name.
+  * When I/O logging is enabled, sudo will now write to the terminal
+even when it is a background process. Previously, sudo would only
+write to the tty when it was the foreground process when I/O
+logging was enabled. If the TOSTOP terminal flag is set, sudo
+will suspend the command (and then itself) with the SIGTTOU signal.
+  * A new authfail_message sudoers option that overrides the default
+N incorrect password attempt(s).
+  * An empty sudoRunAsUser attribute in the LDAP and SSSD backends
+will now match the invoking user. This is more consistent with
+how an empty runas user in the sudoers file is treated.
+  * Documented that in check mode, visudo does not check the owner /
+mode on files specified with the -f flag
+  * It is now an error to specify the runas user as an empty string
+on the command line. Previously, an empty runas user was treated
+the same as an unspecified runas user
+  * When timestamp_type option is set to tty and a terminal is
+present, the time stamp record will now include the start time
+of the session leader. When the timestamp_type option is set
+to ppid or when no terminal is available, the start time of the
+parent process is used instead. This significantly reduces the
+likelihood of a time stamp record being re-used when a user logs
+out and back in again.
+  * The sudoers time stamp file format is now documented in the new
+sudoers_timestamp manual.
+  * Visudo will now use the SUDO_EDITOR environment variable (if
+present) in addition to VISUAL and EDITOR. 
+- rebase sudoers2ldif-env.patch
+- cleanup with spec-cleaner
+
+---

Old:

  sudo-1.8.21p2.tar.gz
  sudo-1.8.21p2.tar.gz.sig

New:

  sudo-1.8.22.tar.gz
  sudo-1.8.22.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.p5ogFo/_old  2018-02-16 21:40:16.496603002 +0100
+++ /var/tmp/diff_new_pack.p5ogFo/_new  2018-02-16 21:40:16.504602713 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.

commit sudo for openSUSE:Factory

2017-12-13 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-12-13 11:57:53

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Wed Dec 13 11:57:53 2017 rev:91 rq:556001 version:1.8.21p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-09-18 
19:50:40.919043167 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-12-13 
11:57:58.269829104 +0100
@@ -1,0 +2,5 @@
+Mon Dec 11 13:38:25 UTC 2017 - kstreit...@suse.com
+
+- remove sudoers.dist that is not needed [bsc#1071379] 
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.EBiEJp/_old  2017-12-13 11:57:59.053791259 +0100
+++ /var/tmp/diff_new_pack.EBiEJp/_new  2017-12-13 11:57:59.053791259 +0100
@@ -120,6 +120,7 @@
 rm -f %{buildroot}%{_docdir}/%{name}/sample.pam
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
+rm -f %{buildroot}%{_sysconfdir}/sudoers.dist
 
 %find_lang %{name}
 %find_lang sudoers
@@ -155,7 +156,6 @@
 %{_mandir}/man8/visudo.8*
 
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
-%config %attr(0440,root,root) /etc/sudoers.dist
 %dir %{_sysconfdir}/sudoers.d
 %config %{_sysconfdir}/pam.d/sudo
 %attr(4755,root,root) %{_bindir}/sudo






commit sudo for openSUSE:Factory

2017-09-18 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-09-18 19:50:39

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Mon Sep 18 19:50:39 2017 rev:90 rq:526347 version:1.8.21p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-09-12 
19:37:06.089386452 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-09-18 
19:50:40.919043167 +0200
@@ -1,0 +2,7 @@
+Wed Sep 13 14:19:27 UTC 2017 - kstreit...@suse.com
+
+- remove "--with-insults" and disable insults by default. Now
+  insults sets are included but user must enable it in the sudoers
+  file [bsc#1053911]
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.x8091X/_old  2017-09-18 19:50:42.298849100 +0200
+++ /var/tmp/diff_new_pack.x8091X/_new  2017-09-18 19:50:42.302848537 +0200
@@ -93,7 +93,6 @@
 --with-selinux \
 --with-linux-audit \
 --with-logfac=auth \
---with-insults \
 --with-all-insults \
 --with-ignore-dot \
 --with-tty-tickets \






commit sudo for openSUSE:Factory

2017-09-12 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-09-12 19:37:04

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Tue Sep 12 19:37:04 2017 rev:89 rq:522271 version:1.8.21p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-06-29 
15:09:48.586056469 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-09-12 
19:37:06.089386452 +0200
@@ -1,0 +2,85 @@
+Fri Sep  8 09:17:50 UTC 2017 - mich...@stroeder.com
+
+- update to 1.8.21p2
+
+Major changes between sudo 1.8.21p2 and 1.8.21p1:
+ * Fixed a bug introduced in version 1.8.21 which prevented sudo
+   from using the PAM-supplied prompt.  Bug #799
+ * Fixed a bug introduced in version 1.8.21 which could result in
+   sudo hanging when running commands that exit quickly.  Bug #800
+ * Fixed a bug introduced in version 1.8.21 which prevented the
+   command from being run when the password was read via an external
+   program using the askpass interface.  Bug #801
+
+Major changes between sudo 1.8.21p1 and 1.8.21:
+ * On systems that support both PAM and SIGINFO, the main sudo
+   process will no longer forward SIGINFO to the command if the
+   signal was generated from the keyboard.  The command will have
+   already received SIGINFO since it is part of the same process
+   group so there's no need for sudo to forward it.  This is
+   consistent with the handling of SIGINT, SIGQUIT and SIGTSTP.
+   Bug #796
+ * If SUDOERS_SEARCH_FILTER in ldap.conf does not specify a value,
+   the LDAP search expression used when looking up netgroups and
+   non-Unix groups had a syntax error if a group plugin was not
+   specified.
+ * "sudo -U otheruser -l" will now have an exit value of 0 even
+   if "otheruser" has no sudo privileges.  The exit value when a
+   user attempts to lists their own privileges or when a command
+   is specified is unchanged.
+ * Fixed a regression introduced in sudo 1.8.21 where sudoreplay
+   playback would hang for I/O logs that contain terminal input.
+ * Sudo 1.8.18 contained an incomplete fix for the matching of
+   entries in the LDAP and SSSD backends when a sudoRunAsGroup is
+   specified but no sudoRunAsUser is present in the sudoRole.
+
+Major changes between sudo 1.8.21 and 1.8.20p2:
+ * The path that sudo uses to search for terminal devices can now
+   be configured via the new "devsearch" Path setting in sudo.conf.
+ * It is now possible to preserve bash shell functions in the
+   environment when the "env_reset" sudoers setting is disabled by
+   removing the "*=()*" pattern from the env_delete list.
+ * A change made in sudo 1.8.15 inadvertantly caused sudoedit to
+   send itself SIGHUP instead of exiting when the editor returns
+   an error or the file was not modified.
+ * Sudoedit now uses an exit code of zero if the file was not
+   actually modified.  Previously, sudoedit treated a lack of
+   modifications as an error.
+ * When running a command in a pseudo-tty (pty), sudo now copies a
+   subset of the terminal flags to the new pty.  Previously, all
+   flags were copied, even those not appropriate for a pty.
+ * Fixed a problem with debug logging in the sudoers I/O logging
+   plugin.
+ * Window size change events are now logged to the policy plugin.
+   On xterm and compatible terminals, sudoreplay is now capable of
+   resizing the terminal to match the size of the terminal the
+   command was run on.  The new -R option can be used to disable
+   terminal resizing.
+ * Fixed a bug in visudo where a newly added file was not checked
+   for syntax errors.  Bug #791.
+ * Fixed a bug in visudo where if a syntax error in an include
+   directory (like /etc/sudoers.d) was detected, the edited version
+   was left as a temporary file instead of being installed.
+ * On PAM systems, sudo will now treat "username's Password:" as
+   a standard password prompt.  As a result, the SUDO_PROMPT
+   environment variable will now override "username's Password:"
+   as well as the more common "Password:".  Previously, the
+   "passprompt_override" Defaults setting would need to be set for
+   SUDO_PROMPT to override a prompt of "username's Password:".
+ * A new "syslog_pid" sudoers setting has been added to include
+   sudo's process ID along with the process name when logging via
+   syslog.  Bug #792.
+ * Fixed a bug introduced in sudo 1.8.18 where a command would
+   not be terminated when the I/O logging plugin returned an error
+   to the sudo front-end.
+ * A new "timestamp_type" sudoers setting has been added that replaces
+   the "tty_tickets" option.  In addition to tty and global time stamp
+   records, it is now possible to use the parent process ID to restrict
+   the time stamp to commands run by the same process, 

commit sudo for openSUSE:Factory

2017-06-29 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-06-29 15:08:51

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Thu Jun 29 15:08:51 2017 rev:88 rq:505125 version:1.8.20p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-06-04 
01:49:11.146421860 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-06-29 
15:09:48.586056469 +0200
@@ -13,0 +14 @@
+   [bsc#1042146], [CVE-2017-1000368]



Other differences:
--





commit sudo for openSUSE:Factory

2017-06-03 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-06-04 01:48:57

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Sun Jun  4 01:48:57 2017 rev:87 rq:500408 version:1.8.20p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-05-31 
21:26:19.337799096 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-06-04 
01:49:11.146421860 +0200
@@ -1,0 +2,87 @@
+Thu Jun  1 07:04:16 UTC 2017 - mich...@stroeder.com
+
+- update to 1.8.20p2 which obsoletes patches:
+  * sudo-1.8.19p2-CVE-2017-1000367.patch
+  * sudo-1.8.19p2-decrement_env_len.patch
+  * sudo-1.8.19p2-dont_overwrite_ret_val.patch
+
+Major changes between sudo 1.8.20p2 and 1.8.20p1:
+
+ * Fixed a bug parsing /proc/pid/stat on Linux when the process
+   name contains newlines.  This is not exploitable due to the /dev
+   traversal changes in sudo 1.8.20p1.
+
+Major changes between sudo 1.8.20p1 and 1.8.20:
+
+ * Fixed "make check" when using OpenSSL or GNU crypt.
+   Bug #787.
+ * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
+   when the process name contains spaces.  Since the user has control
+   over the command name, this could potentially be used by a user
+   with sudo access to overwrite an arbitrary file on systems with
+   SELinux enabled.  Also stop performing a breadth-first traversal
+   of /dev when looking for the device; only a hard-coded list of
+   directories are checked,
+
+Major changes between sudo 1.8.20 and 1.8.19p2:
+
+ * Added support for SASL_MECH in ldap.conf. Bug #764
+ * Added support for digest matching when the command is a glob-style
+   pattern or a directory. Previously, only explicit path matches
+   supported digest checks.
+ * New "fdexec" Defaults option to control whether a command
+   is executed by path or by open file descriptor.
+ * The embedded copy of zlib has been upgraded to version 1.2.11.
+ * Fixed a bug that prevented sudoers include files with a relative
+   path starting with the letter 'i' from being opened.  Bug #776.
+ * Added support for command timeouts in sudoers.  The command will
+   be terminated if the timeout expires.
+ * The SELinux role and type are now displayed in the "sudo -l"
+   output for the LDAP and SSSD backends, just as they are in the
+   sudoers backend.
+ * A new command line option, -T, can be used to specify a command
+   timeout as long as the user-specified timeout is not longer than
+   the timeout specified in sudoers.  This option may only be
+   used when the "user_command_timeouts" flag is enabled in sudoers.
+ * Added NOTBEFORE and NOTAFTER command options to the sudoers
+   backend similar to what is already available in the LDAP backend.
+ * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
+   crypt instead of the SHA2 implementation bundled with sudo.
+ * Fixed a compilation error on systems without the stdbool.h header
+   file.  Bug #778.
+ * Fixed a compilation error in the standalone Kerberos V authentication
+   module.  Bug #777.
+ * Added the iolog_flush flag to sudoers which causes I/O log data
+   to be written immediately to disk instead of being buffered.
+ * I/O log files are now created with group ID 0 by default unless
+   the "iolog_user" or "iolog_group" options are set in sudoers.
+ * It is now possible to store I/O log files on an NFS-mounted
+   file system where uid 0 is remapped to an unprivileged user.
+   The "iolog_user" option must be set to a non-root user and the
+   top-level I/O log directory must exist and be owned by that user.
+ * Added the restricted_env_file setting to sudoers which is similar
+   to env_file but its contents are subject to the same restrictions
+   as variables in the invoking user's environment.
+ * Fixed a use after free bug in the SSSD backend when the fqdn
+   sudoOption is enabled and no hostname value is present in
+   /etc/sssd/sssd.conf.
+ * Fixed a typo that resulted in a compilation error on systems
+   where the killpg() function is not found by configure.
+
+ * Fixed a compilation error with the included version of zlib
+   when sudo was built outside the source tree.
+ * Fixed the exit value of sudo when the command is terminated by
+   a signal other than SIGINT.  This was broken in sudo 1.8.15 by
+   the fix for Bug #722.  Bug #784.
+ * Fixed a regression introduced in sudo 1.8.18 where the "lecture"
+   option could not be used in a positive boolean context, only
+   a negative one.
+ * Fixed an issue where sudo would consume stdin if it was not
+   connected to a tty even if log_input is not enabled in sudoers.
+   Bug #786.
+ * Clarify in the sudoers manual that the #includedir directive
+   diverts control to the files in the specified directory and,
+   

commit sudo for openSUSE:Factory

2017-05-31 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-05-31 21:26:18

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Wed May 31 21:26:18 2017 rev:86 rq:499850 version:1.8.19p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-03-10 
21:05:59.673182349 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-05-31 
21:26:19.337799096 +0200
@@ -1,0 +2,9 @@
+Tue May 30 19:11:42 UTC 2017 - sfl...@suse.de
+
+- Fix a vulnerability in Sudo's get_process_ttyname() leading to 
+  privlage elevation.
+  * sudo-1.8.19p2-CVE-2017-1000367.patch 
+  * CVE-2017-1000367
+  * bsc#1039361
+
+---

New:

  sudo-1.8.19p2-CVE-2017-1000367.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.2QeaZM/_old  2017-05-31 21:26:20.221674395 +0200
+++ /var/tmp/diff_new_pack.2QeaZM/_new  2017-05-31 21:26:20.225673831 +0200
@@ -35,6 +35,7 @@
 Patch1: sudo-sudoers.patch
 Patch2: sudo-1.8.19p2-decrement_env_len.patch
 Patch3: sudo-1.8.19p2-dont_overwrite_ret_val.patch
+Patch4: sudo-1.8.19p2-CVE-2017-1000367.patch
 BuildRequires:  audit-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
@@ -78,6 +79,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.19p2-CVE-2017-1000367.patch ++
Index: sudo-1.8.19p2/src/ttyname.c
===
--- sudo-1.8.19p2.orig/src/ttyname.c
+++ sudo-1.8.19p2/src/ttyname.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012-2016 Todd C. Miller 
+ * Copyright (c) 2012-2017 Todd C. Miller 
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -145,20 +145,22 @@ sudo_ttyname_dev(dev_t tdev, char *name,
 }
 #elif defined(HAVE_STRUCT_PSINFO_PR_TTYDEV) || defined(HAVE_PSTAT_GETPROC) || 
defined(__linux__)
 /*
- * Devices to search before doing a breadth-first scan.
+ * Device nodes and directories to search before searching all of /dev
  */
 static char *search_devs[] = {
 "/dev/console",
-"/dev/wscons",
-"/dev/pts/",
-"/dev/vt/",
-"/dev/term/",
-"/dev/zcons/",
+"/dev/pts/",   /* POSIX pty */
+"/dev/vt/",/* Solaris virtual console */
+"/dev/term/",  /* Solaris serial ports */
+"/dev/zcons/", /* Solaris zone console */
+"/dev/pty/",   /* HP-UX old-style pty */
 NULL
 };
 
+/*
+ * Device nodes to ignore when searching all of /dev
+ */
 static char *ignore_devs[] = {
-"/dev/fd/",
 "/dev/stdin",
 "/dev/stdout",
 "/dev/stderr",
@@ -166,16 +168,18 @@ static char *ignore_devs[] = {
 };
 
 /*
- * Do a breadth-first scan of dir looking for the specified device.
+ * Do a scan of a directory looking for the specified device.
+ * Does not descend into subdirectories.
  * Returns name on success and NULL on failure, setting errno.
  */
 static char *
-sudo_ttyname_scan(const char *dir, dev_t rdev, bool builtin, char *name, 
size_t namelen)
+sudo_ttyname_scan(const char *dir, dev_t rdev, char *name, size_t namelen)
 {
-size_t sdlen, num_subdirs = 0, max_subdirs = 0;
-char pathbuf[PATH_MAX], **subdirs = NULL;
+size_t sdlen;
+char pathbuf[PATH_MAX];
 char *ret = NULL;
 struct dirent *dp;
+struct stat sb;
 unsigned int i;
 DIR *d = NULL;
 debug_decl(sudo_ttyname_scan, SUDO_DEBUG_UTIL)
@@ -183,6 +187,18 @@ sudo_ttyname_scan(const char *dir, dev_t
 if (dir[0] == '\0' || (d = opendir(dir)) == NULL)
goto done;
 
+if (fstat(dirfd(d), ) == -1) {
+   sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+   "unable to fstat %s", dir);
+   goto done;
+}
+if ((sb.st_mode & S_IWOTH) != 0) {
+   sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
+   "ignoring world-writable directory %s", dir);
+   errno = ENOENT;
+   goto done;
+}
+
 sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"scanning for dev %u in %s", (unsigned int)rdev, dir);
 
@@ -220,18 +236,6 @@ sudo_ttyname_scan(const char *dir, dev_t
}
if (ignore_devs[i] != NULL)
continue;
-   if (!builtin) {
-   /* Skip entries in search_devs; we already checked them. */
-   for (i = 0; search_devs[i] != NULL; i++) {
-   len = strlen(search_devs[i]);
-   if (search_devs[i][len - 1] == '/')
-   len--;
- 

commit sudo for openSUSE:Factory

2017-03-10 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-03-10 21:05:57

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Fri Mar 10 21:05:57 2017 rev:85 rq:477786 version:1.8.19p2

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-02-05 
16:28:06.886293163 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-03-10 
21:05:59.673182349 +0100
@@ -1,0 +2,17 @@
+Fri Mar  3 15:30:29 UTC 2017 - kstreit...@suse.com
+
+- update sudo in SLE12SP3 to the latest Factory version [fate#322095]
+  * remove sudo-1.8.10p3-CVE-2016-7032.patch [bsc#1007766]
+* fixed in sudo 1.8.15
+  * remove sudo-1.8.10p3-CVE-2016-7076.patch [bsc#1007501]
+* fixed in sudo 1.8.18p1
+  * remove sudo-1.8.10p3-parse_boottime_properly.patch [bsc#899252]
+* fixed in sudo 1.8.14
+  * remove sudo-1.8.10p3-user_groups.patch [bsc#988014]
+* fixed in sudo 1.8.17p1
+  * remove sudo-1.8.10p3_pam_groups_upstream.patch [fate#318850]
+* fixed in sudo 1.8.17 
+  * remove sudo-1.8.10p3-CVE-2014-9680.patch [bsc#917806]
+* fixed in sudo 1.8.12 
+
+---



Other differences:
--





commit sudo for openSUSE:Factory

2017-02-05 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-02-05 15:44:38

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2017-01-19 
10:34:15.602244556 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-02-05 
16:28:06.886293163 +0100
@@ -1,0 +2,10 @@
+Tue Jan 31 16:11:17 UTC 2017 - kstreit...@suse.com
+
+- add sudo-1.8.19p2-decrement_env_len.patch - In 
+  sudo_unsetenv_nodebug(), decrement envp.env_len after removing
+  the variable [bsc#981124]
+- add sudo-1.8.19p2-dont_overwrite_ret_val.patch - don't overwrite
+  the return value of ldap_sasl_interactive_bind_s() by the
+  subsequent call to sudo_set_krb5_ccache_name() [bsc#981124]
+
+---

New:

  sudo-1.8.19p2-decrement_env_len.patch
  sudo-1.8.19p2-dont_overwrite_ret_val.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.5Mgovd/_old  2017-02-05 16:28:07.650185447 +0100
+++ /var/tmp/diff_new_pack.5Mgovd/_new  2017-02-05 16:28:07.650185447 +0100
@@ -33,6 +33,8 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1: sudo-sudoers.patch
+Patch2: sudo-1.8.19p2-decrement_env_len.patch
+Patch3: sudo-1.8.19p2-dont_overwrite_ret_val.patch
 BuildRequires:  audit-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
@@ -74,6 +76,8 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.19p2-decrement_env_len.patch ++
# HG changeset patch
# User Todd C. Miller 
# Date 1484590376 25200
# Node ID 3d87a008671c73ff8c058ce8576cc791d50086cc
# Parent  5323dfcfb009a2436bf7bd867e4d308e0935356b
In sudo_unsetenv_nodebug(), decrement envp.env_len after removing
the variable.  From Paul Zirnik of SUSE.

diff -r 5323dfcfb009 -r 3d87a008671c plugins/sudoers/env.c
--- a/plugins/sudoers/env.c Sun Jan 15 19:13:26 2017 -0700
+++ b/plugins/sudoers/env.c Mon Jan 16 11:12:56 2017 -0700
@@ -497,6 +497,7 @@
char **cur = ep;
while ((*cur = *(cur + 1)) != NULL)
cur++;
+   env.env_len--;
/* Keep going, could be multiple instances of the var. */
} else {
ep++;


++ sudo-1.8.19p2-dont_overwrite_ret_val.patch ++
# HG changeset patch
# User Todd C. Miller 
# Date 1484590826 25200
# Node ID 448baff2b586d8b777d9e5c01ce8e58d61d62b9a
# Parent  3d87a008671c73ff8c058ce8576cc791d50086cc
Don't overwrite the return value of ldap_sasl_interactive_bind_s()
by the subsequent call to sudo_set_krb5_ccache_name().  From Paul
Zirnik of SUSE.

diff -r 3d87a008671c -r 448baff2b586 plugins/sudoers/ldap.c
--- a/plugins/sudoers/ldap.cMon Jan 16 11:12:56 2017 -0700
+++ b/plugins/sudoers/ldap.cMon Jan 16 11:20:26 2017 -0700
@@ -3002,7 +3002,7 @@
 static int
 sudo_ldap_bind_s(LDAP *ld)
 {
-int ret;
+int rc, ret;
 debug_decl(sudo_ldap_bind_s, SUDOERS_DEBUG_LDAP)
 
 #ifdef HAVE_LDAP_SASL_INTERACTIVE_BIND_S
@@ -3025,27 +3025,27 @@
}
 
if (new_ccname != NULL) {
-   ret = sudo_set_krb5_ccache_name(new_ccname, _ccname);
-   if (ret == 0) {
+   rc = sudo_set_krb5_ccache_name(new_ccname, _ccname);
+   if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"set ccache name %s -> %s",
old_ccname ? old_ccname : "(none)", new_ccname);
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
-   "sudo_set_krb5_ccache_name() failed: %d", ret);
+   "sudo_set_krb5_ccache_name() failed: %d", rc);
}
}
ret = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
if (new_ccname != NULL) {
-   ret = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
-   if (ret == 0) {
+   rc = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
+   if (rc == 0) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
"restore ccache name %s -> %s", new_ccname,
old_ccname ? old_ccname : "(none)");
} else {
sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
-   "sudo_set_krb5_ccache_name() failed: %d", ret);
+   

commit sudo for openSUSE:Factory

2017-01-19 Thread root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2017-01-19 10:34:14

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-11-03 
11:12:32.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2017-01-19 
10:34:15.602244556 +0100
@@ -1,0 +2,73 @@
+Sat Jan 14 14:25:39 UTC 2017 - mich...@stroeder.com
+
+- update to 1.8.19p2
+
+Major changes between sudo 1.8.19p2 and 1.8.19p1:
+ * Fixed a crash in visudo introduced in sudo 1.8.9 when an IP address
+   or network is used in a host-based Defaults entry.  Bug #766
+ * Added a missing check for the ignore_iolog_errors flag when
+   the sudoers plugin generates the I/O log file path name.
+ * Fixed a typo in sudo's vsyslog() replacement that resulted in
+   garbage being logged to syslog.
+
+---
+Wed Jan  4 12:40:14 UTC 2017 - kstreit...@suse.com
+
+- add /usr/lib/tmpfiles.d directory to the %files section and fix
+  build for SLE12SP2
+
+---
+Mon Dec 19 23:08:10 UTC 2016 - mich...@stroeder.com
+
+- update to 1.8.19p1
+
+Major changes between sudo 1.8.19p1 and 1.8.19:
+ * Fixed a bug introduced in sudo 1.8.19 that resulted in the wrong
+   syslog priority and facility being used.
+
+Major changes between sudo 1.8.19 and 1.8.18p1:
+ * New "syslog_maxlen" Defaults option to control the maximum size of
+   syslog messages generated by sudo.
+ * Sudo has been run against PVS-Studio and any issues that were
+   not false positives have been addressed.
+ * I/O log files are now created same group ID as the parent directory
+   and not the invoking user's group ID.
+ * I/O log permissions and ownership are now configurable via the
+   "iolog_mode", "iolog_user" and "iolog_group" sudoers Defaults
+   variables.
+ * Fixed configuration of the sudoers I/O log plugin debug subsystem.
+   Previously, I/O log information was not being written to the
+   sudoers debug log.
+ * Fixed a bug in visudo that broke editing of files in an include
+   dir that have a syntax error.  Normally, visudo does not edit
+   those files, but if a syntax error is detected in one, the user
+   should get a chance to fix it.
+ * Warnings about unknown or unparsable sudoers Defaults entries now
+   include the file and line number of the problem.
+ * Visudo will now use the file and line number information about an
+   unknown or unparsable Defaults entry to go directly to the file
+   with the problem.
+ * Fixed a bug in the sudoers LDAP back-end where a negated sudoHost
+   entry would prevent other sudoHost entries following it from matching.
+ * Warnings from visudo about a cycle in an Alias entry now include the
+   file and line number of the problem.
+ * In strict mode, visudo will now use the file and line number
+   information about a cycle in an Alias entry to go directly to the
+   file with the problem.
+ * The sudo_noexec.so file is now linked with -ldl on systems that
+   require it for the wordexp() wrapper.
+ * Fixed linking of sudo_noexec.so on macOS systems where it must be
+   a dynamic library and not a module.
+ * Sudo's "make check" now includes a test for sudo_noexec.so
+   working.
+ * The sudo front-end now passes the user's umask to the plugin.
+   Previously the plugin had to determine this itself.
+ * Sudoreplay can now display the stdin and ttyin streams when they
+   are explicitly added to the filter list.
+ * Fixed a bug introduced in sudo 1.8.17 where the "all" setting
+   for verifypw and listpw was not being honored.  Bug #762.
+ * The syslog priority (syslog_goodpri and syslog_badpri) can now
+   be negated or set to "none" to disable logging of successful or
+   unsuccessful sudo attempts via syslog.
+
+---

Old:

  sudo-1.8.18p1.tar.gz
  sudo-1.8.18p1.tar.gz.sig

New:

  sudo-1.8.19p2.tar.gz
  sudo-1.8.19p2.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.cCr2dh/_old  2017-01-19 10:34:16.310144713 +0100
+++ /var/tmp/diff_new_pack.cCr2dh/_new  2017-01-19 10:34:16.318143585 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.18p1
+Version:

commit sudo for openSUSE:Factory

2016-11-03 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-11-03 11:12:31

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-09-30 
15:19:44.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-11-03 
11:12:32.0 +0100
@@ -1,0 +2,12 @@
+Fri Oct 28 08:53:16 UTC 2016 - mich...@stroeder.com
+
+- update to 1.8.18p1 with these major changes:
+ * When sudo_noexec.so is used, the WRDE_NOCMD flag is now added
+   if the wordexp() function is called.  This prevents commands
+   from being run via wordexp() without disabling it entirely.
+ * On Linux systems, sudo_noexec.so now uses a seccomp filter to
+   disable execute access if the kernel supports seccomp.  This is
+   more robust than the traditional method of using stub functions
+   that return an error.
+
+---

Old:

  sudo-1.8.18.tar.gz
  sudo-1.8.18.tar.gz.sig

New:

  sudo-1.8.18p1.tar.gz
  sudo-1.8.18p1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.9vR9MF/_old  2016-11-03 11:12:34.0 +0100
+++ /var/tmp/diff_new_pack.9vR9MF/_new  2016-11-03 11:12:34.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.18
+Version:1.8.18p1
 Release:0
 Summary:Execute some commands as root
 License:ISC





commit sudo for openSUSE:Factory

2016-09-30 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-09-30 15:19:43

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-07-01 
09:53:50.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-09-30 
15:19:44.0 +0200
@@ -1,0 +2,61 @@
+Tue Sep 20 20:13:29 UTC 2016 - mich...@stroeder.com
+
+- update to 1.8.18
+ * The sudoers locale is now set before parsing the sudoers file.
+   If sudoers_locale is set in sudoers, it is applied before
+   evaluating other Defaults entries.  Previously, sudoers_locale
+   was used when evaluating sudoers but not during the inital parse.
+   Bug #748.
+ * A missing or otherwise invalid #includedir is now ignored instead
+   of causing a parse error.
+ * During "make install", backup files are only used on HP-UX where
+   it is not possible to unlink a shared object that is in use.
+   This works around a bug in ldconfig on Linux which could create
+   links to the backup shared library file instead of the current
+   one.
+ * Fixed a bug introduced in 1.8.17 where sudoers entries with long
+   commands lines could be truncated, preventing a match.  Bug #752.
+ * The fqdn, runas_default and sudoers_locale Defaults settings are
+   now applied before any other Defaults settings since they can
+   change how other Defaults settings are parsed.
+ * On systems without the O_NOFOLLOW open(2) flag, when the NOFOLLOW
+   flag is set, sudoedit now checks whether the file is a symbolic link
+   before opening it as well as after the open.  Bug #753.
+ * Sudo will now only resolve a user's group IDs to group names
+   when sudoers includes group-based permissions.  Group lookups
+   can be expensive on some systems where the group database is
+   not local.
+ * If the file system holding the sudo log file is full, allow
+   the command to run unless the new ignore_logfile_errors Defaults
+   option is disabled.  Bug #751.
+ * The ignore_audit_errors and ignore_iolog_errors Defaults options
+   have been added to control sudo's behavior when it is unable to
+   write to the audit and I/O logs.
+ * Fixed a bug introduced in 1.8.17 where the SIGPIPE signal handler
+   was not being restored when sudo directly executes the command.
+ * Fixed a bug where "sudo -l command" would indicate that a command
+   was runnable even when denied by sudoers when using the LDAP or
+   SSSD backends.
+ * The match_group_by_gid Defaults option has been added to allow
+   sites where group name resolution is slow and where sudoers only
+   contains a small number of groups to match groups by group ID
+   instead of by group name.
+ * Fixed a bug on Linux where a 32-bit sudo binary could fail with
+   an "unable to allocate memory" error when run on a 64-bit system.
+   Bug #755
+ * When parsing ldap.conf, sudo will now only treat a '#' character
+   as the start of a comment when it is at the beginning of the
+   line.
+ * Fixed a potential crash when auditing is enabled and the audit
+   function fails with an error.  Bug #756
+ * Norwegian Nynorsk translation for sudo from translationproject.org.
+ * Fixed a typo that broke short host name matching when the fqdn
+   flag is enabled in sudoers.  Bug #757
+ * Negated sudoHost attributes are now supported by the LDAP and
+   SSSD backends.
+ * Fixed matching entries in the LDAP and SSSD backends when a
+   RunAsGroup is specified but no RunAsUser is present.
+ * Fixed "sudo -l" output in the LDAP and SSSD backends when a
+   RunAsGroup is specified but no RunAsUser is present.
+
+---

Old:

  sudo-1.8.17p1.tar.gz
  sudo-1.8.17p1.tar.gz.sig

New:

  sudo-1.8.18.tar.gz
  sudo-1.8.18.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.6A3zkY/_old  2016-09-30 15:19:46.0 +0200
+++ /var/tmp/diff_new_pack.6A3zkY/_new  2016-09-30 15:19:46.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.17p1
+Version:1.8.18
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.17p1.tar.gz -> sudo-1.8.18.tar.gz ++
 39102 lines of diff (skipped)





commit sudo for openSUSE:Factory

2016-07-01 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-07-01 09:53:48

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-06-07 
23:43:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-07-01 
09:53:50.0 +0200
@@ -1,0 +2,57 @@
+Wed Jun 22 21:02:46 UTC 2016 - mich...@stroeder.com
+
+- update to 1.8.17p1:
+  * Fixed a bug introduced in 1.8.17 where the user's groups were
+not set on systems that don't use PAM.  Bug #749.
+
+---
+Sun Jun 19 14:01:44 UTC 2016 - mich...@stroeder.com
+
+- removed obsolete patch sudo-1.8.16-pam_groups.patch
+- update to 1.8.17:
+ * On AIX, if /etc/security/login.cfg has auth_type set to PAM_AUTH
+   but pam_start(3) fails, fall back to AIX authentication.
+   Bug #740.
+ * Sudo now takes all sudoers sources into account when determining
+   whether or not "sudo -l" or "sudo -b" should prompt for a password.
+   In other words, if both file and ldap sudoers sources are in
+   specified in /etc/nsswitch.conf, "sudo -v" will now require that
+   all entries in both sources be have NOPASSWD (file) or !authenticate
+   (ldap) in the entries.
+ * Sudo now ignores SIGPIPE until the command is executed.  Previously,
+   SIGPIPE was only ignored in a few select places.  Bug #739.
+ * Fixed a bug introduced in sudo 1.8.14 where (non-syslog) log
+   file entries were missing the newline when loglinelen is set to
+   a non-positive number.  Bug #742.
+ * Unix groups are now set before the plugin session intialization
+   code is run.  This makes it possible to use dynamic groups with
+   the Linux-PAM pam_group module.
+ * Fixed a bug where a debugging statement could dereference a NULL
+   pointer when looking up a group that doesn't exist.  Bug #743.
+ * Sudo has been run through the Coverity code scanner.  A number of
+   minor bugs have been fixed as a result.  None were security issues.
+ * SELinux support, which was broken in 1.8.16, has been repaired.
+ * Fixed a bug when logging I/O where all output buffers might not
+   get flushed at exit.
+ * Forward slashes are no longer escaped in the JSON output of
+   "visudo -x".  This was never required by the standard and not
+   escaping them improves readability of the output.
+ * Sudo no longer treats PAM_SESSION_ERR as a fatal error when
+   opening the PAM session.  Other errors from pam_open_session()
+   are still treated as fatal.  This avoids the "policy plugin
+   failed session initialization" error message seen on some systems.
+ * Korean translation for sudo and sudoers from translationproject.org.
+ * Fixed a bug on AIX where the stack size hard resource limit was
+   being set to 2GB instead of 4GB on 64-bit systems.
+ * The SSSD backend now properly supports "sudo -U otheruser -l".
+ * The SSSD backend now uses the value of "ipa_hostname"
+   from sssd.conf, if specified, when matching the host name.
+ * Fixed a hang on some systems when the command is being run in
+   a pty and it failed to execute.
+ * When performing a wildcard match in sudoers, check for an exact
+   string match if the user command was fully-qualified (or resolved
+   via the PATH).  This fixes an issue executing scripts on Linux
+   when there are multiple wildcard matches with the same base name.
+   Bug #746.
+
+---

Old:

  sudo-1.8.16-pam_groups.patch
  sudo-1.8.16.tar.gz
  sudo-1.8.16.tar.gz.sig

New:

  sudo-1.8.17p1.tar.gz
  sudo-1.8.17p1.tar.gz.sig



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.WsJK0O/_old  2016-07-01 09:53:51.0 +0200
+++ /var/tmp/diff_new_pack.WsJK0O/_new  2016-07-01 09:53:51.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.16
+Version:1.8.17p1
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -33,7 +33,6 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1: sudo-sudoers.patch
-Patch2: sudo-1.8.16-pam_groups.patch
 BuildRequires:  audit-devel
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
@@ -75,7 +74,6 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc





commit sudo for openSUSE:Factory

2016-06-07 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-06-07 23:43:29

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-05-25 
21:21:29.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-06-07 
23:43:30.0 +0200
@@ -1,0 +2,5 @@
+Mon May 23 08:22:12 UTC 2016 - egeor...@openmailbox.org
+
+- Changing password promp to make use of sudo localized prompts. 
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.HuH44N/_old  2016-06-07 23:43:31.0 +0200
+++ /var/tmp/diff_new_pack.HuH44N/_new  2016-06-07 23:43:31.0 +0200
@@ -105,7 +105,7 @@
 --with-sudoers-mode=0440 \
 --with-env-editor \
 --without-secure-path \
---with-passprompt='%%p\x27s password:' \
+--with-passprompt="[sudo] password for %p: " \
 --with-rundir=%{_localstatedir}/lib/sudo \
 --with-sssd
 make %{?_smp_mflags}






commit sudo for openSUSE:Factory

2016-05-25 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-05-25 21:21:28

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-05-05 
13:18:31.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-05-25 
21:21:29.0 +0200
@@ -1,0 +2,6 @@
+Thu May 19 09:13:54 UTC 2016 - kstreit...@suse.com
+
+- add "BuildRequires: cyrus-sasl-devel" to enable SASL
+  authentication [bnc#979531]
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.cp7Qz0/_old  2016-05-25 21:21:30.0 +0200
+++ /var/tmp/diff_new_pack.cp7Qz0/_new  2016-05-25 21:21:30.0 +0200
@@ -35,6 +35,7 @@
 Patch1: sudo-sudoers.patch
 Patch2: sudo-1.8.16-pam_groups.patch
 BuildRequires:  audit-devel
+BuildRequires:  cyrus-sasl-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel






commit sudo for openSUSE:Factory

2016-05-05 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-05-05 13:18:29

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2016-03-26 
15:11:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-05-05 
13:18:31.0 +0200
@@ -1,0 +2,8 @@
+Fri Apr 29 11:34:18 UTC 2016 - kstreit...@suse.com
+
+- add sudo-1.8.16-pam_groups.patch to do group setup in
+  policy_init_session() before calling out to the plugin. This makes
+  it possible for the pam_group module to change the group in
+  pam_setcred() [fate#318850]
+
+---

New:

  sudo-1.8.16-pam_groups.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.8UyTaq/_old  2016-05-05 13:18:32.0 +0200
+++ /var/tmp/diff_new_pack.8UyTaq/_new  2016-05-05 13:18:32.0 +0200
@@ -33,6 +33,7 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch1: sudo-sudoers.patch
+Patch2: sudo-1.8.16-pam_groups.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -73,6 +74,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.16-pam_groups.patch ++
# HG changeset patch
# User Todd C. Miller 
# Date 1461862918 21600
# Node ID 814cda6025419e40b417f7d797757e11259feef2
# Parent  ef0a5428a5744ca1c7fcb1874d1fff37becc6a90
Do group setup in policy_init_session() before calling out to the
plugin.  This makes it possible for the pam_group module to change
the group in pam_setcred().  It's a bit bogus since pam_setcred()
is documented as not changing the group or user ID, but pam_group
is shipped with stock Linux-PAM so we need to support it.

diff -r ef0a5428a574 -r 814cda602541 src/sudo.c
--- a/src/sudo.cTue Apr 26 14:39:42 2016 -0600
+++ b/src/sudo.cThu Apr 28 11:01:58 2016 -0600
@@ -939,7 +939,8 @@
 }
 
 /*
- * Setup the execution environment immediately prior to the call to execve()
+ * Setup the execution environment immediately prior to the call to execve().
+ * Group setup is performed by policy_init_session(), called earlier.
  * Returns true on success and false on failure.
  */
 bool
@@ -1018,30 +1019,6 @@
 #endif /* HAVE_LOGIN_CAP_H */
 }
 
-/*
- * Set groups, including supplementary group vector.
- */
-if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
-   if (details->ngroups >= 0) {
-   if (sudo_setgroups(details->ngroups, details->groups) < 0) {
-   sudo_warn(U_("unable to set supplementary group IDs"));
-   goto done;
-   }
-   }
-}
-#ifdef HAVE_SETEUID
-if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
-   sudo_warn(U_("unable to set effective gid to runas gid %u"),
-   (unsigned int)details->egid);
-   goto done;
-}
-#endif
-if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
-   sudo_warn(U_("unable to set gid to runas gid %u"),
-   (unsigned int)details->gid);
-   goto done;
-}
-
 if (ISSET(details->flags, CD_SET_PRIORITY)) {
if (setpriority(PRIO_PROCESS, 0, details->priority) != 0) {
sudo_warn(U_("unable to set process priority"));
@@ -1365,6 +1342,35 @@
 int rval = true;
 debug_decl(policy_init_session, SUDO_DEBUG_PCOMM)
 
+/*
+ * We set groups, including supplementary group vector,
+ * as part of the session setup.  This allows for dynamic
+ * groups to be set via pam_group(8) in pam_setcred(3).
+ */
+if (!ISSET(details->flags, CD_PRESERVE_GROUPS)) {
+   if (details->ngroups >= 0) {
+   if (sudo_setgroups(details->ngroups, details->groups) < 0) {
+   sudo_warn(U_("unable to set supplementary group IDs"));
+   rval = -1;
+   goto done;
+   }
+   }
+}
+#ifdef HAVE_SETEUID
+if (ISSET(details->flags, CD_SET_EGID) && setegid(details->egid)) {
+   sudo_warn(U_("unable to set effective gid to runas gid %u"),
+   (unsigned int)details->egid);
+   rval = -1;
+   goto done;
+}
+#endif
+if (ISSET(details->flags, CD_SET_GID) && setgid(details->gid)) {
+   sudo_warn(U_("unable to set gid to runas gid %u"),
+   (unsigned int)details->gid);
+   rval = -1;
+   goto done;
+}
+
 if (policy_plugin.u.policy->init_session) {
/*
 * Backwards compatibility for older API versions
@@ 

commit sudo for openSUSE:Factory

2016-03-26 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2016-03-26 15:11:50

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-11-12 
19:39:26.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2016-03-26 
15:11:51.0 +0100
@@ -1,0 +2,59 @@
+Sat Mar 19 10:02:09 UTC 2016 - mplus...@suse.com
+
+- Add gpg signature
+- Use valid category for tests
+
+---
+Thu Mar 17 23:32:59 UTC 2016 - mich...@stroeder.com
+
+- update to 1.8.16:
+ * Fixed a compilation error on Solaris 10 with Stun Studio 12.
+   Bug #727.
+ * When preserving variables from the invoking user's environment, if
+   there are duplicates sudo now only keeps the first instance.
+ * Fixed a bug that could cause warning mail to be sent in list
+   mode (sudo -l) for users without sudo privileges when the
+   LDAP and sssd backends are used.
+ * Fixed a bug that prevented the "mail_no_user" option from working
+   properly with the LDAP backend.
+ * In the LDAP and sssd backends, white space is now ignored between
+   an operator (!, +, +=, -=) when parsing a sudoOption.
+ * It is now possible to disable Path settings in sudo.conf
+   by omitting the path name.
+ * The sudoedit_checkdir Defaults option is now enabled by default
+   and has been extended.  When editing files with sudoedit, each
+   directory in the path to be edited is now checked.  If a directory
+   is writable by the invoking user, symbolic links will not be
+   followed.  If the parent directory of the file to be edited is
+   writable, sudoedit will refuse to edit it.
+   Bug #707.
+ * The netgroup_tuple Defaults option has been added to enable matching
+   of the entire netgroup tuple, not just the host or user portion.
+   Bug #717.
+ * When matching commands based on the SHA2 digest, sudo will now
+   use fexecve(2) to execute the command if it is available.  This
+   fixes a time of check versus time of use race condition when the
+   directory holding the command is writable by the invoking user.
+ * On AIX systems, sudo now caches the auth registry string along
+   with password and group information.  This fixes a potential
+   problem when a user or group of the same name exists in multiple
+   auth registries.  For example, local and LDAP.
+ * Fixed a crash in the SSSD backend when the invoking user is not
+   found.  Bug #732.
+ * Added the --enable-asan configure flag to enable address sanitizer
+   support.  A few minor memory leaks have been plugged to quiet
+   the ASAN leak detector.
+ * The value of _PATH_SUDO_CONF may once again be overridden via
+   the Makefile.  Bug #735.
+ * The sudoers2ldif script now handles multiple roles with same name.
+ * Fixed a compilation error on systems that have the posix_spawn()
+   and posix_spawnp() functions but an unusable spawn.h header.
+   Bug #730.
+ * Fixed support for negating character classes in sudo's version
+   of the fnmatch() function.
+ * Fixed a bug in the LDAP and SSSD backends that could allow an
+   unauthorized user to list another user's privileges.  Bug #738.
+ * The PAM conversation function now works around an ambiguity in the
+   PAM spec with respect to multiple messages.  Bug #726.
+
+---

Old:

  sudo-1.8.15.tar.gz

New:

  sudo-1.8.16.tar.gz
  sudo-1.8.16.tar.gz.sig
  sudo.keyring



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.ncoL1i/_old  2016-03-26 15:11:53.0 +0100
+++ /var/tmp/diff_new_pack.ncoL1i/_new  2016-03-26 15:11:53.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,17 +17,19 @@
 
 
 Name:   sudo
-Version:1.8.15
+Version:1.8.16
 Release:0
 Summary:Execute some commands as root
 License:ISC
 Group:  System/Base
-Url:http://www.sudo.ws/
-Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
+Url:https://www.sudo.ws/
+Source0:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
 Source3:fate_313276_test.sh
 Source4:README_313276.test
+Source5:https://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz.sig
+Source6:  

commit sudo for openSUSE:Factory

2015-11-12 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-11-12 19:39:25

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is "sudo"

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-08-17 
15:34:52.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-11-12 
19:39:26.0 +0100
@@ -1,0 +2,72 @@
+Fri Nov  6 11:55:17 UTC 2015 - kstreit...@suse.com
+
+- update to 1.8.15:
+  * Fixed a bug that prevented sudo from building outside the source 
+tree on some platforms. Bug #708.
+  * Fixed the location of the sssd library in the RHEL/Centos packages.
+Bug #710.
+  * Fixed a build problem on systems that don't implicitly include
+sys/types.h from other header files. Bug #711.
+  * Fixed a problem on Linux using containers where sudo would ignore
+signals sent by a process in a different container.
+  * Sudo now refuses to run a command if the PAM session module returns
+an error.
+  * When editing files with sudoedit, symbolic links will no longer be
+followed by default. The old behavior can be restored by enabling
+the sudoedit_follow option in sudoers or on a per-command basis with
+the FOLLOW and NOFOLLOW tags. Bug #707.
+  * Fixed a bug introduced in version 1.8.14 that caused the last valid
+editor in the sudoers "editor" list to be used by visudo and sudoedit
+instead of the first. Bug #714.
+  * Fixed a bug in visudo that prevented the addition of a final newline
+to edited files without one.
+  * Fixed a bug decoding certain base64 digests in sudoers when the
+intermediate format included a '=' character.
+  * Individual records are now locked in the time stamp file instead of
+the entire file. This allows sudo to avoid prompting for a password
+multiple times on the same terminal when used in a pipeline.
+In other words, sudo cat foo | sudo grep bar now only prompts for
+the password once. Previously, both sudo processes would prompt for
+a password, often making it impossible to enter. Bug #705.
+  * Fixed a bug where sudo would fail to run commands as a non-root user
+on systems that lack both setresuid() and setreuid(). Bug #713.
+  * Fixed a bug introduced in sudo 1.8.14 that prevented visudo from
+re-editing the correct file when a syntax error was detected.
+  * Fixed a bug where sudo would not relay a SIGHUP signal to the command
+when the terminal is closed and the command is not run in its own
+pseudo-tty. Bug #719.
+  * If some, but not all, of the LOGNAME, USER or USERNAME environment
+variables have been preserved from the invoking user's environment,
+sudo will now use the preserved value to set the remaining variables
+instead of using the runas user. This ensures that if, for example,
+only LOGNAME is present in the env_keep list, that sudo will not set
+USER and USERNAME to the runas user.
+  * When the command sudo is running dies due to a signal, sudo will now
+send itself that same signal with the default signal handler installed
+instead of exiting. The bash shell appears to ignore some signals,
+e.g. SIGINT, unless the command being run is killed by that signal.
+This makes the behavior of commands run under sudo the same as
+without sudo when bash is the shell. Bug #722.
+  * Slovak translation for sudo from translationproject.org.
+  * Hungarian and Slovak translations for sudoers from
+translationproject.org.
+  * Previously, when env_reset was enabled (the default) and the
+-s option was not used, the SHELL environment variable was set to the
+shell of the invoking user. Now, when env_reset is enabled and the
+-s option is not used, SHELL is set based on the target user.
+  * Fixed challenge/response style BSD authentication.
+  * Added the sudoedit_checkdir Defaults option to prevent sudoedit from
+editing files located in a directory that is writable by the
+invoking user.
+  * Added the always_query_group_plugin Defaults option to control
+whether groups not found in the system group database are passed to
+the group plugin. Previously, unknown system groups were always
+passed to the group plugin.
+  * When creating a new file, sudoedit will now check that the file's
+parent directory exists before running the editor.
+  * Fixed the compiler stack protector test in configure for compilers
+that support -fstack-protector but don't actually have the ssp
+library available.
+- use spec-cleaner
+
+---

Old:

  sudo-1.8.14p3.tar.gz

New:

  sudo-1.8.15.tar.gz




commit sudo for openSUSE:Factory

2015-08-17 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-08-17 15:34:51

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-07-28 
11:42:10.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-08-17 
15:34:52.0 +0200
@@ -1,0 +2,15 @@
+Wed Aug 12 18:29:20 UTC 2015 - jeng...@inai.de
+
+- No need to buildrequire an sssd plugin (libsss_sudo)
+
+---
+Wed Aug 12 06:29:33 UTC 2015 - dims...@opensuse.org
+
+- Pass --enable-tmpfiles.d=%{_tmpfilesdir} to configure: let's be
+  specific about this feature, and not randomly rely on the
+  presence/absence of /usr/lib/tmpfiles.d/systemd.conf.
+- Add systemd-rpm-macros BuildRequires to ensure %_tmpfilesdir is
+  defined.
+- Add relevant %tmpfiles_create call to post scriptlet.
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.6dt1s5/_old  2015-08-17 15:34:53.0 +0200
+++ /var/tmp/diff_new_pack.6dt1s5/_new  2015-08-17 15:34:53.0 +0200
@@ -34,9 +34,9 @@
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
-BuildRequires:  libsss_sudo
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  zlib-devel
 Requires(pre):  coreutils
 Requires(pre):  permissions
@@ -84,6 +84,7 @@
 --libexecdir=%{_libexecdir}/sudo \
 --docdir=%{_docdir}/%{name} \
 --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
+--enable-tmpfiles.d=%{_tmpfilesdir} \
 --with-pam \
 --with-ldap \
 --with-selinux \
@@ -135,6 +136,7 @@
 %else
 %set_permissions /usr/bin/sudo
 %endif
+%tmpfiles_create %{_tmpfilesdir}/sudo.conf
 
 %verifyscript
 %verify_permissions -e /usr/bin/sudo
@@ -169,6 +171,8 @@
 %{_libexecdir}/%{name}/system_group.so
 %{_libexecdir}/%{name}/libsudo_util.so.*
 %attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
+%{_tmpfilesdir}/sudo.conf
+%ghost %{_localstatedir}/lib/sudo/ts
 
 %files devel
 %defattr(-,root,root)




commit sudo for openSUSE:Factory

2015-07-28 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-07-28 11:42:09

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-07-24 
09:58:00.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-07-28 
11:42:10.0 +0200
@@ -1,0 +2,58 @@
+Thu Jul 23 10:09:08 UTC 2015 - kstreit...@suse.com
+
+- update to 1.8.14p3:
+  * changes in 1.8.14p3
+* Fixed a bug introduced in sudo 1.8.14p2 that prevented sudo 
+  from working when no tty was present. Bug #706.
+* Fixed tty detection on newer AIX systems where dev_t is 64-bit.
+  * changes in 1.8.14p2
+* Fixed a bug introduced in sudo 1.8.14 that prevented the
+  lecture file from being created. Bug #704.
+  * changes in 1.8.14p1
+* Fixed a bug introduced in sudo 1.8.14 that prevented the sssd
+  backend from working. Bug #703.
+  * changes in 1.8.14
+* Log messages on Mac OS X now respect sudoers_locale when sudo
+  is build with NLS support.
+* The sudo manual pages now pass mandoc -Tlint with no warnings.
+* Fixed a compilation problem on systems with the sig2str()
+  function that do not define SIG2STR_MAX in signal.h.
+* Worked around a compiler bug that resulted in unexpected
+  behavior when returning an int from a function declared to
+  return bool without an explicit cast.
+* Worked around a bug in Mac OS X 10.10 BSD auditing where the
+  au_preselect() fails for AUE_sudo events but succeeds for 
+  AUE_DARWIN_sudo.
+* Fixed a hang on Linux systems with glibc when sudo is linked
+  with jemalloc.
+* When the user runs a command as a user ID that is not present
+  in the password database via the -u flag, the command is now
+  run with the group ID of the invoking user instead of group ID 0.
+* Fixed a compilation problem on systems that don't pull in
+  definitions of uid_t and gid_t without sys/types.h or unistd.h.
+* Fixed a compilation problem on newer AIX systems which use a
+  struct st_timespec for time stamps in struct stat that differs
+  from struct timespec. Bug #702.
+* The example directory is now configurable via --with-exampledir
+  and defaults to DATAROOTDIR/examples/sudo on BSD systems.
+* The /usr/lib/tmpfiles.d/sudo.conf file is now installed as part
+  of make install when systemd is in use.
+* Fixed a linker problem on some systems with libintl. Bug #690.
+* Fixed compilation with compilers that don't support __func__ or
+  __FUNCTION__.
+* Sudo no longer needs to uses weak symbols to support localization
+  in the warning functions. A registration function is used instead.
+* Fixed a setresuid() failure in sudoers on Linux kernels where
+  uid changes take the nproc resource limit into account.
+* Fixed LDAP netgroup queries on AIX.
+* Sudo will now display the custom prompt on Linux systems with
+  PAM even if the Password:  prompt is not localized by the
+  PAM module. Bug #701.
+* Double-quoted values in an LDAP sudoOption are now supported
+  for consistency with file-based sudoers.
+* Fixed a bug that prevented the btime entry in /proc/stat from
+  being parsed on Linux.
+  * update sudo-sudoers.patch
+  * remove sudo-parse_boottime_properly.patch (it's not longer needed) 
+
+---

Old:

  sudo-1.8.13.tar.gz
  sudo-parse_boottime_properly.patch

New:

  sudo-1.8.14p3.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.umd1gf/_old  2015-07-28 11:42:11.0 +0200
+++ /var/tmp/diff_new_pack.umd1gf/_new  2015-07-28 11:42:11.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.13
+Version:1.8.14p3
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -31,7 +31,6 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
-Patch2: sudo-parse_boottime_properly.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -72,7 +71,6 @@
 %setup -q
 %patch0 -p1 
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.umd1gf/_old  2015-07-28 11:42:11.0 +0200
+++ /var/tmp/diff_new_pack.umd1gf/_new  2015-07-28 11:42:11.0 +0200
@@ -1,6 +1,8 @@
 plugins/sudoers/sudoers.in 2014-09-23 12:40:15.0 -0400
-+++ 

commit sudo for openSUSE:Factory

2015-07-24 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-07-24 09:57:59

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-05-16 
20:08:02.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-07-24 
09:58:00.0 +0200
@@ -1,0 +2,5 @@
+Wed Jul 22 18:27:35 UTC 2015 - crrodrig...@opensuse.org
+
+- BuildRequires zlib-devel, support zlib compressed I/O logs. 
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.2gSzFe/_old  2015-07-24 09:58:01.0 +0200
+++ /var/tmp/diff_new_pack.2gSzFe/_new  2015-07-24 09:58:01.0 +0200
@@ -38,6 +38,7 @@
 BuildRequires:  libsss_sudo
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
+BuildRequires:  zlib-devel
 Requires(pre):  coreutils
 Requires(pre):  permissions
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build




commit sudo for openSUSE:Factory

2015-05-16 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-05-16 20:08:01

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2015-02-27 
10:56:54.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-05-16 
20:08:02.0 +0200
@@ -1,0 +2,39 @@
+Thu May 14 12:47:49 UTC 2015 - vci...@suse.com
+
+- update to 1.8.13
+ * The examples directory is now a subdirectory of the doc dir to
+   conform to Debian guidelines.  Bug #682.
+ * Fixed a compilation error for siglist.c and signame.c on some
+   systems.  Bug #686
+ * Weak symbols are now used for sudo_warn_gettext() and
+   sudo_warn_strerror() in libsudo_util to avoid link errors when
+   -Wl,--no-undefined is used in LDFLAGS.  The --disable-weak-symbols
+   configure option can be used to disable the user of weak symbols.
+ * Fixed a bug in sudo's mkstemps() replacement function that
+   prevented the file extension from being preserved in sudoedit.
+ * A new mail_all_cmnds sudoers flag will send mail when a user runs
+   a command (or tries to). The behavior of the mail_always flag has
+   been restored to always send mail when sudo is run.
+ * New MAIL and NOMAIL command tags have been added to toggle
+   mail sending behavior on a per-command (or Cmnd_Alias) basis.
+ * Fixed matching of empty passwords when sudo is configured to
+   use passwd (or shadow) file authentication on systems where the
+   crypt() function returns NULL for invalid salts.
+ * The all setting for listpw and verifypw now works correctly
+   with LDAP and sssd sudoers.
+ * The sudo timestamp directory is now created at boot time on
+   platforms that use systemd.
+ * Sudo will now restore the value of the SIGPIPE handler before
+   executing the command.
+ * Sudo now uses struct timespec instead of struct timeval for
+   time keeping when possible.  If supported, sudoedit and visudo
+   now use nanosecond granularity time stamps.
+ * Fixed a symbol name collision with systems that have their own
+   SHA2 implementation.  This fixes a problem where PAM could use
+   the wrong SHA2 implementation on Solaris 10 systems configured
+   to use SHA512 for passwords.
+ * The editor invoked by sudoedit once again uses an unmodified
+   copy of the user's environment as per the documentation.  This
+   was inadvertantly changed in sudo 1.8.0.  Bug #688.
+
+---

Old:

  sudo-1.8.12.tar.gz

New:

  sudo-1.8.13.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.L2bKSo/_old  2015-05-16 20:08:03.0 +0200
+++ /var/tmp/diff_new_pack.L2bKSo/_new  2015-05-16 20:08:03.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.12
+Version:1.8.13
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -128,8 +128,6 @@
 install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
-mkdir -p %{buildroot}/%{_docdir}/sudo/examples/
-mv %{buildroot}/usr/share/examples/sudo/* 
%{buildroot}/%{_docdir}/sudo/examples/
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers

++ sudo-1.8.12.tar.gz - sudo-1.8.13.tar.gz ++
 39576 lines of diff (skipped)

++ sudo-parse_boottime_properly.patch ++
--- /var/tmp/diff_new_pack.L2bKSo/_old  2015-05-16 20:08:03.0 +0200
+++ /var/tmp/diff_new_pack.L2bKSo/_new  2015-05-16 20:08:03.0 +0200
@@ -1,8 +1,10 @@
 From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762465
 
 a/plugins/sudoers/boottime.c
-+++ b/plugins/sudoers/boottime.c
-@@ -80,6 +80,8 @@
+Index: sudo-1.8.13/plugins/sudoers/boottime.c
+===
+--- sudo-1.8.13.orig/plugins/sudoers/boottime.c2015-03-18 
18:05:51.0 +0100
 sudo-1.8.13/plugins/sudoers/boottime.c 2015-05-14 14:48:33.855294076 
+0200
+@@ -79,6 +79,8 @@ get_boottime(struct timespec *ts)
  if (fp != NULL) {
while ((len = getline(line, linesize, fp)) != -1) {
if (strncmp(line, btime , 6) == 0) {
@@ -10,4 +12,4 @@
 +  line[len - 1] = '\0';
long long llval = strtonum(line + 6, 1, LLONG_MAX, NULL);
if (llval  0) {
-   tv-tv_sec = (time_t)llval;
+   ts-tv_sec = (time_t)llval;




commit sudo for openSUSE:Factory

2015-02-27 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2015-02-27 10:56:53

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-12-21 
12:03:04.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2015-02-27 
10:56:54.0 +0100
@@ -1,0 +2,40 @@
+Sun Feb 22 15:29:28 UTC 2015 - vci...@suse.com
+
+- update to 1.8.12 (fixes bnc#918953)
+- changelog:
+  * The embedded copy of zlib has been upgraded to version 1.2.8 and
+is now installed as a shared library where supported.
+  * Debug settings for the sudo front end and sudoers plugin are now 
configured separately.
+  * Multiple sudo.conf Debug entries may now be specified per program (or 
plugin).
+  * The plugin API has been extended such that the path to the plugin
+that was loaded is now included in the settings array. This path
+can be used to register with the debugging subsystem. The debug_flags
+setting is now prefixed with a file name and may be specified multiple
+times if there is more than one matching Debug setting in sudo.conf.
+  * The sudoers regression tests now run with the locale set to C since
+some of the tests compare output that includes locale-specific messages. 
Bug #672.
+  * Fixed a bug where sudo would not run commands on Linux when compiled
+with audit support if audit is disabled. Bug #671.
+  * The default password prompt now includes a trailing space after
+Password: for consistency with su(1) on most systems. Bug #663.
+  * Visudo will now use the optional sudoers_file, sudoers_mode,
+sudoers_uid and sudoers_gid arguments if specified on the sudoers.so 
Plugin line in the sudo.conf file.
+  * Fixed a problem introduced in sudo 1.8.8 that prevented the full
+host name from being used when the fqdn sudoers option is used. Bug #678.
+  * Sudo now installs a handler for SIGCHLD signal handler immediately
+before stating the process that will execute the command (or start the 
monitor).
+  * Removed a limit on the length of command line arguments expanded by
+a wild card using sudo's version of the fnmatch() function.
+This limit was introduced when sudo's version of fnmatch() was replaced in 
sudo 1.8.4.
+  * LDAP-based sudoers can now query an LDAP server for a user's netgroups
+directly. This is often much faster than fetching every sudoRole object
+containing a sudoUser that begins with a `+' prefix and checking
+whether the user is a member of any of the returned netgroups.
+  * The mail_always sudoers option no longer sends mail for
+sudo -l or sudo -v unless the user is unable to authenticate themselves.
+  * Fixed a crash when sudo is run with an empty argument vector.
+  * Fixed two potential crashes when sudo is run with very low resource limits.
+  * The TZ environment variable is now checked for safety instead of simply
+being copied to the environment of the command. This fixes a potential 
security issue.
+
+---

Old:

  sudo-1.8.11p2.tar.gz

New:

  sudo-1.8.12.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.antGnX/_old  2015-02-27 10:56:55.0 +0100
+++ /var/tmp/diff_new_pack.antGnX/_new  2015-02-27 10:56:55.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.11p2
+Version:1.8.12
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -128,6 +128,8 @@
 install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
 install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
+mkdir -p %{buildroot}/%{_docdir}/sudo/examples/
+mv %{buildroot}/usr/share/examples/sudo/* 
%{buildroot}/%{_docdir}/sudo/examples/
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers

++ sudo-1.8.11p2.tar.gz - sudo-1.8.12.tar.gz ++
 57715 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2014-12-21 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-12-21 12:04:16

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-11-15 
12:28:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-12-21 
12:03:04.0 +0100
@@ -1,0 +2,6 @@
+Wed Dec 17 09:52:47 UTC 2014 - vci...@suse.com
+
+- correctly parse /proc/stat for boottime (bnc#899252)
+  * added sudo-parse_boottime_properly.patch from Debian
+
+---

New:

  sudo-parse_boottime_properly.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.EIXYfA/_old  2014-12-21 12:03:06.0 +0100
+++ /var/tmp/diff_new_pack.EIXYfA/_new  2014-12-21 12:03:06.0 +0100
@@ -31,6 +31,7 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
+Patch2: sudo-parse_boottime_properly.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -70,6 +71,7 @@
 %setup -q
 %patch0 -p1 
 %patch1 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-parse_boottime_properly.patch ++
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762465

--- a/plugins/sudoers/boottime.c
+++ b/plugins/sudoers/boottime.c
@@ -80,6 +80,8 @@
 if (fp != NULL) {
while ((len = getline(line, linesize, fp)) != -1) {
if (strncmp(line, btime , 6) == 0) {
+   if (line[len - 1] == '\n')
+   line[len - 1] = '\0';
long long llval = strtonum(line + 6, 1, LLONG_MAX, NULL);
if (llval  0) {
tv-tv_sec = (time_t)llval;
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2014-11-15 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-11-15 11:44:23

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-10-29 
21:08:50.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-11-15 
12:28:51.0 +0100
@@ -1,0 +2,9 @@
+Thu Nov  6 12:35:03 UTC 2014 - fst...@suse.com
+
+- update to 1.8.11p2
+  * Fixed a bug where dynamic shared objects loaded from a plugin
+could use the hooked version of getenv() but not the hooked
+versions of putenv(), setenv() or unsetenv().  This can cause
+problems for PAM modules that use those functions.
+
+---

Old:

  sudo-1.8.11p1.tar.gz

New:

  sudo-1.8.11p2.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.BU2CXz/_old  2014-11-15 12:28:53.0 +0100
+++ /var/tmp/diff_new_pack.BU2CXz/_new  2014-11-15 12:28:53.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.11p1
+Version:1.8.11p2
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.11p1.tar.gz - sudo-1.8.11p2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.11p1/ChangeLog new/sudo-1.8.11p2/ChangeLog
--- old/sudo-1.8.11p1/ChangeLog 2014-10-08 04:29:28.0 +0200
+++ new/sudo-1.8.11p2/ChangeLog 2014-10-29 20:40:09.0 +0100
@@ -1,3 +1,16 @@
+2014-10-29  Todd C. Miller  todd.mil...@courtesan.com
+
+   * NEWS, configure, configure.ac:
+   Sudo 1.8.11p2
+   [caff4aedc61a]
+
+   * src/env_hooks.c:
+   Mark the putenv(), setenv() and unsetenv() symbols as global, not
+   hidden. Fixes a mismatch where a plugin (or its loaded dso) would
+   call setenv() to set a variables but be unable to find it later with
+   getenv().
+   [96127ac4bbb3]
+
 2014-10-07  Todd C. Miller  todd.mil...@courtesan.com
 
* NEWS:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.11p1/NEWS new/sudo-1.8.11p2/NEWS
--- old/sudo-1.8.11p1/NEWS  2014-10-08 04:29:03.0 +0200
+++ new/sudo-1.8.11p2/NEWS  2014-10-29 22:56:21.0 +0100
@@ -1,3 +1,10 @@
+What's new in Sudo 1.8.11p2
+
+ * Fixed a bug where dynamic shared objects loaded from a plugin
+   could use the hooked version of getenv() but not the hooked
+   versions of putenv(), setenv() or unsetenv().  This can cause
+   problems for PAM modules that use those functions.
+
 What's new in Sudo 1.8.11p1
 
  * Fixed a compilation problem on some systems when the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.11p1/configure new/sudo-1.8.11p2/configure
--- old/sudo-1.8.11p1/configure 2014-10-07 22:26:20.0 +0200
+++ new/sudo-1.8.11p2/configure 2014-10-29 22:56:21.0 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.8.11p1.
+# Generated by GNU Autoconf 2.69 for sudo 1.8.11p2.
 #
 # Report bugs to http://www.sudo.ws/bugs/.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.11p1'
-PACKAGE_STRING='sudo 1.8.11p1'
+PACKAGE_VERSION='1.8.11p2'
+PACKAGE_STRING='sudo 1.8.11p2'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 PACKAGE_URL=''
 
@@ -1507,7 +1507,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat _ACEOF
-\`configure' configures sudo 1.8.11p1 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.11p2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1572,7 +1572,7 @@
 
 if test -n $ac_init_help; then
   case $ac_init_help in
- short | recursive ) echo Configuration of sudo 1.8.11p1:;;
+ short | recursive ) echo Configuration of sudo 1.8.11p2:;;
esac
   cat \_ACEOF
 
@@ -1807,7 +1807,7 @@
 test -n $ac_init_help  exit $ac_status
 if $ac_init_version; then
   cat \_ACEOF
-sudo configure 1.8.11p1
+sudo configure 1.8.11p2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2516,7 +2516,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.8.11p1, which was
+It was created by sudo $as_me 1.8.11p2, which was
 generated 

commit sudo for openSUSE:Factory

2014-10-29 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-10-29 21:08:48

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-05-17 
06:43:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-10-29 
21:08:50.0 +0100
@@ -1,0 +2,74 @@
+Sat Oct 11 02:09:17 UTC 2014 - tabra...@suse.com
+
+- refresh sudo-sudoers.patch
+- update to 1.8.11p1
+  * Fixed a compilation problem on some systems when the 
+--disable-shared-libutil configure option was specified.
+  * The user can no longer interrupt the sleep after an incorrect password on 
+PAM systems using pam_unix. Bug #666.
+  * Fixed a compilation problem on Linux systems that do not use PAM. Bug #667.
+  * make install will now work with the stock GNU autotools install-sh 
+script. Bug #669.
+  * Fixed a crash with sudo -i when the current working directory does not 
+exist. Bug #670.
+  * Fixed a potential crash in the debug subsystem when logging a message 
+larger that 1024 bytes.
+  * Fixed a make check failure for ttyname when stdin is closed and stdout 
+and stderr are redirected to a different tty. Bug #643.
+  * Added BASH_FUNC_* to environment blacklist to match newer-style bash 
+functions. 
+
+- changes from 1.8.11
+  * The sudoers plugin no longer uses setjmp/longjmp to recover from fatal 
+errors. All errors are now propagated to the caller via return codes.
+  * When running a command in the background, sudo will now forward SIGINFO to 
+the command (if supported).
+  * Sudo will now use the system versions of the sha2 functions from libc or 
+libmd if available.
+  * Visudo now works correctly on GNU Hurd. Bug #647.
+  * Fixed suspend and resume of curses programs on some system when the 
+command is not being run in a pseudo-terminal. Bug #649.
+  * Fixed a crash with LDAP-based sudoers on some systems when Kerberos was 
+enabled.
+  * Sudo now includes optional Solaris audit support.
+  * Catalan translation for sudoers from translationproject.org.
+  * Norwegian Bokmaal translation for sudo from translationproject.org.
+  * Greek translation for sudoers from translationproject.org
+  * The sudo source tree has been reorganized to more closely resemble that of 
+other gettext-enabled packages. 
+  * Sudo and its associated programs now link against a shared version of 
+libsudo_util. The --disable-shared-libutil configure option may be used to 
+force static linking if the --enable-static-sudoers option is also 
+specified.
+  * The passwords in ldap.conf and ldap.secret may now be encoded in base64.
+  * Audit updates. SELinux role changes are now audited. For sudoedit, we now 
+audit the actual editor being run, instead of just the sudoedit command.
+  * Fixed bugs in the man page post-processing that could cause portions of 
the 
+manuals to be removed.
+  * Fixed a crash in the system_group plugin. Bug #653.
+  * Fixed sudoedit on platforms without a native version of the getprogname() 
+function. Bug #654.
+  * Fixed compilation problems with some pre-C99 compilers.
+  * Fixed sudo's -C option which was broken in version 1.8.9.
+  * It is now possible to match an environment variable's value as well as its 
+name using env_keep and env_check. This can be used to preserve bash 
+functions which would otherwise be removed from the environment.
+  * New files created via sudoedit as a non-root user now have the proper 
+group id. Bug #656.
+  * Sudoedit now works correctly in conjunction with sudo's SELinux RBAC 
+support. Temporary files are now created with the proper security context.
+  * The sudo I/O logging plugin API has been updated. If a logging function 
+returns an error, the command will be terminated and all of the plugin's 
+logging functions will be disabled. If a logging function rejects the 
+command's output it will no longer be displayed to the user's terminal.
+  * Fixed a compilation error on systems that lack openpty(), _getpty() and 
+grantpt(). Bug #660.
+  * Fixed a hang when a sudoers source is listed more than once in a single 
+sudoers nsswitch.conf entry.
+  * On AIX, shell scripts without a #! magic number are now passed to 
+/usr/bin/sh, not /usr/bin/bsh. This is consistent with what the execvp() 
+function on AIX does and matches historic sudo behavior. Bug #661.
+  * Fixed a cross-compilation problem building mksiglist and mksigname. 
+Bug #662. 
+
+---

Old:

  sudo-1.8.10p3.tar.gz

New:

  sudo-1.8.11p1.tar.gz


commit sudo for openSUSE:Factory

2014-05-16 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-05-17 06:43:30

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-03-18 
16:21:27.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-05-17 
06:43:36.0 +0200
@@ -1,0 +2,20 @@
+Thu May 15 13:00:31 UTC 2014 - vci...@suse.com
+
+- update to 1.8.10p3
+  * Fixed expansion of the %p escape in the prompt for sudo -l
+when rootpw, runaspw or targetpw is set. Bug #639.
+  * Fixed matching of uids and gids which was broken in version 1.8.9
+  * PAM credential initialization has been re-enabled. It was
+unintentionally disabled by default in version 1.8.8. The way
+credentials are initialized has also been fixed. Bug #642.
+  * Fixed a descriptor leak on Linux when determing boot time. Sudo
+normally closes extra descriptors before running a command so
+the impact is limited. Bug #645.
+  * Fixed flushing of the last buffer of data when I/O logging is
+enabled. This bug, introduced in version 1.8.9, could cause
+incomplete command output on some systems. Bug #646.
+  * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
+is set to zero. Bug #638.
+- don't install test LICENSE with executable perms
+
+---

Old:

  sudo-1.8.10p1.tar.gz

New:

  sudo-1.8.10p3.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.wp3bgn/_old  2014-05-17 06:43:37.0 +0200
+++ /var/tmp/diff_new_pack.wp3bgn/_new  2014-05-17 06:43:37.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.10p1
+Version:1.8.10p3
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -31,7 +31,6 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
-# PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -125,7 +124,7 @@
 install -m 755 %{SOURCE3} %{buildroot}/var/lib/tests/sudo
 install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo
 install -d %{buildroot}%{_docdir}/%{name}-test
-install -m 755 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
+install -m 644 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers

++ sudo-1.8.10p1.tar.gz - sudo-1.8.10p3.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.10p1/ChangeLog new/sudo-1.8.10p3/ChangeLog
--- old/sudo-1.8.10p1/ChangeLog 2014-03-13 22:20:38.0 +0100
+++ new/sudo-1.8.10p3/ChangeLog 2014-05-07 03:34:27.0 +0200
@@ -1,3 +1,88 @@
+2014-05-06  Todd C. Miller  todd.mil...@courtesan.com
+
+   * compat/getgrouplist.c, plugins/group_file/group_file.c,
+   plugins/system_group/system_group.c:
+   deal with NULL gr_mem here too
+   [0db43ed71001]
+
+   * NEWS, configure, configure.ac:
+   Sudo 1.8.10p3
+   [3f415a180023]
+
+2014-05-02  Todd C. Miller  todd.mil...@courtesan.com
+
+   * common/event.c:
+   Fix non-blocking mode. We only want to exit the event loop when
+   poll() or select() returns 0 and there are no active events. This
+   fixes a problem on some systems where the last buffer was not being
+   written when the command exited.
+   [deb6b1a7b241]
+
+2014-04-28  Todd C. Miller  todd.mil...@courtesan.com
+
+   * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
+   Make get_boottime() return bool.
+   [9ff15a995d01]
+
+   * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
+   Fix fd leak on Linux when determing boot time. This is usually
+   masked by the closefrom() call in sudo. From Jamie Anderson. Bug
+   #645
+   [0b4c430e8b88]
+
+2014-04-15  Todd C. Miller  todd.mil...@courtesan.com
+
+   * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
+   Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
+   changing the user. This is the correct flag to use with a program
+   that changes the uid like su or sudo and fixes a role problem on
+   Solaris. From Gary Winiger; Bug #642
+   [ec23c3bf41bb]
+
+   * plugins/sudoers/defaults.c:
+   pam_setcred should default to true; from Gary Winiger Bug #642
+   [23e6628ec546]
+
+2014-04-09  Todd C. Miller  

commit sudo for openSUSE:Factory

2014-03-18 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-03-18 16:21:18

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-02-03 
11:40:48.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-03-18 
16:21:27.0 +0100
@@ -1,0 +2,41 @@
+Fri Mar 14 14:46:59 UTC 2014 - vci...@suse.com
+
+- update to 1.8.10p1
+  * Fixed a bug with netgated commands in sudo -l command that
+could cause the command to be listed even when it was explicitly
+denied. This only affected list mode when a command was specified.
+Bug #636.
+  * It is now possible to disable network interface probing in sudo.conf
+by changing the value of the probe_interfaces setting.
+  * When listing a user's privileges (sudo -l), the sudoers plugin
+will now prompt for the user's password even if the targetpw,
+rootpw or runaspw options are set.
+  * The sudoers plugin uses a new format for its time stamp files.
+Bug #616.
+  * sudo's -K option will now remove all of the user's time stamps,
+not just the time stamp for the current terminal.
+The -k option can be used to only disable time stamps for
+the current terminal.
+  * If sudo was started in the background and needed to prompt for a
+password, it was not possible to suspend it at the password prompt
+  * LDAP-based sudoers now uses a default search filter of
+(objectClass=sudoRole) for more efficient queries.
+The netgroup query has been modified to avoid falling below the
+minimum length for OpenLDAP substring indices.
+  * The new use_netgroups sudoers option can be used to explicitly
+enable or disable netgroups support. For LDAP-based sudoers,
+netgroup support requires an expensive substring match on the server.
+If netgroups are not needed, this option can be disabled to
+reduce the load on the LDAP server.
+  * Sudo is once again able to open the sudoers file when the group
+on sudoers doesn't match the expected value, so long as the
+file is not group writable.
+  * Sudo now installs an init.d script to clear the time stamp
+directory at boot time on AIX and HP-UX systems.
+These systems either lack /var/run or do not clear it on boot.
+  * The JSON format used by visudo -x now properly supports the
+negation operator. In addition, the Options object is now
+the same for both Defaults and Cmnd_Specs.
+  * Fixed parsing of the umask defaults setting in sudoers. Bug #632.
+
+---

Old:

  sudo-1.8.9p4.tar.gz

New:

  sudo-1.8.10p1.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.FxTFqF/_old  2014-03-18 16:21:28.0 +0100
+++ /var/tmp/diff_new_pack.FxTFqF/_new  2014-03-18 16:21:28.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.9p4
+Version:1.8.10p1
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -99,7 +99,7 @@
 --with-env-editor \
 --without-secure-path \
 --with-passprompt='%%p\x27s password:' \
---with-timedir=%{_localstatedir}/lib/sudo \
+--with-rundir=%{_localstatedir}/lib/sudo \
 --with-sssd
 make %{?_smp_mflags}
 

++ sudo-1.8.9p4.tar.gz - sudo-1.8.10p1.tar.gz ++
 29239 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2014-02-03 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-02-03 11:40:47

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-01-30 
06:55:48.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-02-03 
11:40:48.0 +0100
@@ -1,0 +2,5 @@
+Thu Jan 30 12:12:28 UTC 2014 - vci...@suse.com
+
+- added subpackage with a test for fate#313276
+
+---

New:

  README_313276.test
  fate_313276_test.sh



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.2VvTsh/_old  2014-02-03 11:40:49.0 +0100
+++ /var/tmp/diff_new_pack.2VvTsh/_new  2014-02-03 11:40:49.0 +0100
@@ -26,6 +26,8 @@
 Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
+Source3:fate_313276_test.sh
+Source4:README_313276.test
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
@@ -56,6 +58,14 @@
 %description devel
 These header files are needed for building of sudo plugins.
 
+%package test
+Summary:Tests for the package
+Group:  Development/Tests
+Requires:   %{name} = %{version}
+
+%description test
+Tests for fate#313276
+
 %prep
 %setup -q
 %patch0 -p1 
@@ -110,6 +120,12 @@
 %find_lang %{name}
 %find_lang sudoers
 cat sudoers.lang  %{name}.lang
+# tests
+install -d -m 755 %{buildroot}/var/lib/tests/sudo
+install -m 755 %{SOURCE3} %{buildroot}/var/lib/tests/sudo
+install -m 755 %{SOURCE4} %{buildroot}/var/lib/tests/sudo
+install -d %{buildroot}%{_docdir}/%{name}-test
+install -m 755 %{buildroot}%{_docdir}/%{name}/LICENSE 
%{buildroot}%{_docdir}/%{name}-test/LICENSE
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers
@@ -122,9 +138,6 @@
 %verifyscript
 %verify_permissions -e /usr/bin/sudo
 
-%clean
-rm -rf %{buildroot}
-
 %files -f %{name}.lang
 %defattr(-,root,root)
 %doc %{_docdir}/%{name}
@@ -147,4 +160,9 @@
 %defattr(-,root,root)
 %{_includedir}/sudo_plugin.h
 
+%files test
+%defattr(-,root, root)
+/var/lib/tests
+%{_docdir}/%{name}-test/
+
 %changelog

++ README_313276.test ++
To verify that sudo works with SSSD,
there's has to be a working LDAP server where the sudoers file
will be saved, local running SSSD and sudo configured to use
the SSSD plugin.

The sudoers file has to be stored in LDAP.
A [sudo] service has to be configured in /etc/sssd/sssd.conf
Sudo needs to be instructed to use SSSD, this is done in /etc/nsswitch.conf,
by adding a line sudoers: files sss

Related material:

/usr/share/doc/packages/sudo/README.LDAP provides a guide how to
make sudo work with LDAP.

man sudoers.ldap(5) describes the LDAP-based sudoers file

man sssd-ldap(5) describes the LDAP sudo options.

++ fate_313276_test.sh ++
#!/bin/sh

if [ $(id -u) -ne 0 ]; then
printf Please run the test as root.\n
exit 1
fi

if sudo -V | grep -q -- --with-sssd; then
printf OK: Sudo has support for SSSD compiled in.\n
exit 0
fi

printf Error: SSSD support isn't compiled in.\n
exit 1
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2014-01-29 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-01-30 06:55:47

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2014-01-23 
15:56:56.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-01-30 
06:55:48.0 +0100
@@ -1,0 +2,11 @@
+Wed Jan 29 19:47:28 UTC 2014 - vci...@suse.com
+
+- update to 1.8.9p4
+  * Fixed a bug where sudo could consume large amounts of CPU while
+the command was running when I/O logging is not enabled.
+Bug #631 (bnc#861153)
+  * Fixed a bug where sudo would exit with an error when the debug
+level is set to util@debug or all@debug and I/O logging is not
+enabled. The command would continue runnning after sudo exited.
+
+---

Old:

  sudo-1.8.9p3.tar.gz

New:

  sudo-1.8.9p4.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.7vDo1e/_old  2014-01-30 06:55:49.0 +0100
+++ /var/tmp/diff_new_pack.7vDo1e/_new  2014-01-30 06:55:49.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.9p3
+Version:1.8.9p4
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-1.8.9p3.tar.gz - sudo-1.8.9p4.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.9p3/ChangeLog new/sudo-1.8.9p4/ChangeLog
--- old/sudo-1.8.9p3/ChangeLog  2014-01-13 19:14:26.0 +0100
+++ new/sudo-1.8.9p4/ChangeLog  2014-01-15 14:21:07.0 +0100
@@ -1,3 +1,43 @@
+2014-01-15  Todd C. Miller  todd.mil...@courtesan.com
+
+   * NEWS, configure, configure.ac:
+   Update for sudo 1.8.9p4
+   [f79ab7c6c1c5]
+
+   * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
+   When relocating fds, update the debug fd if it is set so we are
+   guaranteed to get debugging output.
+   [b1deaa472aa6]
+
+2014-01-14  Todd C. Miller  todd.mil...@courtesan.com
+
+   * src/exec.c:
+   If the event loop exits due to an error and we are not logging I/O,
+   kill the command if still running. Fixes a bug where sudo could exit
+   while the command was still running.
+   [844018ff8a8c]
+
+   * src/preserve_fds.c:
+   When relocating preserved fds, start with the highest ones first to
+   avoid moving fds around more than we have to. Now uses a bitmap to
+   keep track of which fds are being preserved. Fixes a bug where the
+   debugging fd could be relocated to the same fd as the error
+   backchannel temporarily, resulting in debugging output being printed
+   to the backchannel if util@debug was enabled.
+   [55e006dbeaf3]
+
+   * src/preserve_fds.c:
+   When restoring fds traverse list from high - low, not low - high
+   to avoid implicitly closing an fd we want to relocate.
+   [6351225f47d7]
+
+   * src/exec.c:
+   If not logging I/O we may get EOF when the command is executed and
+   the other end of the backchannel is closed. Just remove the
+   backchannel event in this case or we will continue to receive the
+   event. Bug #631
+   [a204b69d91f7]
+
 2014-01-13  Todd C. Miller  todd.mil...@courtesan.com
 
* src/ttyname.c:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.9p3/NEWS new/sudo-1.8.9p4/NEWS
--- old/sudo-1.8.9p3/NEWS   2014-01-13 19:12:10.0 +0100
+++ new/sudo-1.8.9p4/NEWS   2014-01-15 14:02:28.0 +0100
@@ -1,3 +1,12 @@
+What's new in Sudo 1.8.9p4?
+
+ * Fixed a bug where sudo could consume large amounts of CPU while
+   the command was running when I/O logging is not enabled.  Bug #631
+
+ * Fixed a bug where sudo would exit with an error when the debug
+   level is set to util@debug or all@debug and I/O logging is not
+   enabled.  The command would continue runnning after sudo exited.
+
 What's new in Sudo 1.8.9p3?
 
  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.9p3/common/sudo_debug.c 
new/sudo-1.8.9p4/common/sudo_debug.c
--- old/sudo-1.8.9p3/common/sudo_debug.c2014-01-07 19:08:52.0 
+0100
+++ new/sudo-1.8.9p4/common/sudo_debug.c2014-01-15 14:02:18.0 
+0100
@@ -570,3 +570,19 @@
 {
 return sudo_debug_fd;
 }
+
+/*
+ * Setter for the debug descriptor.
+ */
+int
+sudo_debug_fd_set(int fd)
+{
+if (sudo_debug_fd != -1  fd != 

commit sudo for openSUSE:Factory

2014-01-23 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2014-01-17 11:16:49

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-10-08 
20:35:02.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2014-01-23 
15:56:56.0 +0100
@@ -1,0 +2,40 @@
+Tue Jan 14 10:49:21 UTC 2014 - vci...@suse.com
+
+- update to 1.8.9p3
+- set secure_path to /usr/sbin:/usr/bin:/sbin:/bin
+- changes since 1.8.8:
+  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
+from being resolved properly on Linux systems.  Bug #630.
+  * Updated config.guess, config.sub and libtool to support the ppc64le
+architecture (IBM PowerPC Little Endian).
+  * Fixed a problem with gcc 4.8's handling of bit fields that could
+lead to the noexec flag being enabled even when it was not
+explicitly set.
+  * Reworked sudo's main event loop to use a simple event subsystem
+using poll(2) or select(2) as the back end.
+  * It is now possible to statically compile the sudoers plugin into
+the sudo binary without disabling shared library support.  The
+sudo.conf file may still be used to configure other plugins.
+  * Sudo can now be compiled again with a C preprocessor that does
+not support variadic macros.
+  * Visudo can now export a sudoers file in JSON format using the
+new -x flag.
+  * The locale is now set correctly again for visudo and sudoreplay.
+  * The plugin API has been extended to allow the plugin to exclude
+specific file descriptors from the closefrom range.
+  * There is now a workaround for a Solaris-specific problem where
+NOEXEC was overriding traditional root DAC behavior.
+  * Add user netgroup filtering for SSSD. Previously, rules for
+a netgroup were applied to all even when they did not belong
+to the specified netgroup.
+  * On systems with BSD login classes, if the user specified a group
+(not a user) to run the command as, it was possible to specify
+a different login class even when the command was not run as the
+super user.
+  * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
+  * Fixed a bug where sudoedit would not update the original file
+from the temporary when PAM or I/O logging is not enabled.
+  * When recycling I/O logs, the log files are now truncated properly.
+  * Fixes bugs #617, #621, #622, #623, #624, #625, #626
+
+---

Old:

  sudo-1.8.8.tar.gz

New:

  sudo-1.8.9p3.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.Om3071/_old  2014-01-23 15:56:57.0 +0100
+++ /var/tmp/diff_new_pack.Om3071/_new  2014-01-23 15:56:57.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.8
+Version:1.8.9p3
 Release:0
 Summary:Execute some commands as root
 License:ISC

++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.Om3071/_old  2014-01-23 15:56:57.0 +0100
+++ /var/tmp/diff_new_pack.Om3071/_new  2014-01-23 15:56:57.0 +0100
@@ -1,8 +1,8 @@
-Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
+Index: sudo-1.8.9p3/plugins/sudoers/sudoers.in
 ===
 sudo-1.8.6p3.orig/plugins/sudoers/sudoers.in   2012-09-18 
15:56:30.0 +0200
-+++ sudo-1.8.6p3/plugins/sudoers/sudoers.in2013-06-11 15:23:30.510228590 
+0200
-@@ -31,37 +31,36 @@
+--- sudo-1.8.9p3.orig/plugins/sudoers/sudoers.in   2014-01-07 
19:08:50.0 +0100
 sudo-1.8.9p3/plugins/sudoers/sudoers.in2014-01-14 12:06:45.178813991 
+0100
+@@ -31,37 +31,38 @@
  ##
  ## Defaults specification
  ##
@@ -32,6 +32,8 @@
 +## Prevent environment variables from influencing programs in an
 +## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 +Defaults always_set_home
++## Path that will be used for every command run from sudo
++Defaults secure_path=/usr/sbin:/usr/bin:/sbin:/bin
 +Defaults env_reset
 +## Change env_reset to !env_reset in previous line to keep all environment 
variables
 +## Following list will no longer be necessary after this change
@@ -63,7 +65,7 @@
  ##
  ## Runas alias specification
  ##

commit sudo for openSUSE:Factory

2013-10-08 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-10-08 20:35:01

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-07-16 
07:39:32.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-10-08 
20:35:02.0 +0200
@@ -1,0 +2,43 @@
+Tue Oct  8 09:21:18 UTC 2013 - vci...@suse.com
+
+- update to 1.8.8
+- drop sudo-plugins-sudoers-sssd.patch (upstream)
+  * Removed a warning on PAM systems with stacked auth modules
+where the first module on the stack does not succeed.
+  * Sudo, sudoreplay and visudo now support GNU-style long options.
+  * The -h (--host) option may now be used to specify a host name.
+This is currently only used by the sudoers plugin in conjunction
+with the -l (--list) option.
+  * Sudo's LDAP SASL support now works properly with Kerberos.
+Previously, the SASL library was unable to locate the user's
+credential cache.
+  * It is now possible to set the nproc resource limit to unlimited
+via pam_limits on Linux (bug #565).
+  * New pam_service and pam_login_service sudoers options
+that can be used to specify the PAM service name to use.
+  * New pam_session and pam_setcred sudoers options that
+can be used to disable PAM session and credential support.
+  * The sudoers plugin now properly supports UIDs and GIDs
+that are larger than 0x7fff on 32-bit platforms.
+  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
+Defaults entries would cause an internal error.
+  * If the tty_tickets sudoers option is enabled (the default),
+but there is no tty present, sudo will now use a ticket file
+based on the parent process ID.  This makes it possible to support
+the normal timeout behavior for the session.
+  * Fixed a problem running commands that change their process
+group and then attempt to change the terminal settings when not
+running the command in a pseudo-terminal.  Previously, the process
+would receive SIGTTOU since it was effectively a background
+process.  Sudo will now grant the child the controlling tty and
+continue it when this happens.
+  * The closefrom_override sudoers option may now be used in
+a command-specified Defaults entry (bug #610).
+  * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
+  * Root may no longer change its SELinux role without entering
+a password.
+  * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
+to the I/O log timing file are two greater than they should be.
+Sudoreplay now contains a work-around to parse those files.
+
+---

Old:

  sudo-1.8.7.tar.gz
  sudo-plugins-sudoers-sssd.patch

New:

  sudo-1.8.8.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.8eXgAR/_old  2013-10-08 20:35:11.0 +0200
+++ /var/tmp/diff_new_pack.8eXgAR/_new  2013-10-08 20:35:11.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.7
+Version:1.8.8
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -30,7 +30,6 @@
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
 # PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
-Patch2: sudo-plugins-sudoers-sssd.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -61,7 +60,6 @@
 %setup -q
 %patch0 -p1 
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.7.tar.gz - sudo-1.8.8.tar.gz ++
 42744 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2013-07-15 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-07-16 07:39:30

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-07-11 
13:35:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-07-16 
07:39:32.0 +0200
@@ -1,0 +2,6 @@
+Fri Jul 12 12:07:27 UTC 2013 - vci...@suse.com
+
+- fix the default flag settings in manual to reflect changes caused by
+  sudo-sudoers.patch (bnc#823292)
+
+---



Other differences:
--
++ sudo-sudoers.patch ++
--- /var/tmp/diff_new_pack.NjvbuU/_old  2013-07-16 07:39:32.0 +0200
+++ /var/tmp/diff_new_pack.NjvbuU/_new  2013-07-16 07:39:32.0 +0200
@@ -1,7 +1,7 @@
-Index: sudo-1.8.0/plugins/sudoers/sudoers.in
+Index: sudo-1.8.6p3/plugins/sudoers/sudoers.in
 ===
 sudo-1.8.0.orig/plugins/sudoers/sudoers.in
-+++ sudo-1.8.0/plugins/sudoers/sudoers.in
+--- sudo-1.8.6p3.orig/plugins/sudoers/sudoers.in   2012-09-18 
15:56:30.0 +0200
 sudo-1.8.6p3/plugins/sudoers/sudoers.in2013-06-11 15:23:30.510228590 
+0200
 @@ -31,37 +31,36 @@
  ##
  ## Defaults specification
@@ -78,3 +78,34 @@
  ## Read drop-in files from @sysconfdir@/sudoers.d
  ## (the '#' here does not indicate a comment)
  #includedir @sysconfdir@/sudoers.d
+Index: sudo-1.8.6p3/doc/sudoers.mdoc.in
+===
+--- sudo-1.8.6p3.orig/doc/sudoers.mdoc.in  2012-09-18 15:57:43.0 
+0200
 sudo-1.8.6p3/doc/sudoers.mdoc.in   2013-06-11 15:27:23.331273355 +0200
+@@ -1468,7 +1468,7 @@ is present in the
+ .Em env_keep
+ list.
+ This flag is
+-.Em off
++.Em on
+ by default.
+ .It authenticate
+ If set, users must authenticate themselves via a password (or other
+@@ -1712,7 +1712,7 @@ If set,
+ .Nm sudo
+ will insult users when they enter an incorrect password.
+ This flag is
+-.Em @insults@
++.Em off
+ by default.
+ .It log_host
+ If set, the host name will be logged in the (non-syslog)
+@@ -2121,7 +2121,7 @@ database as an argument to the
+ .Fl u
+ option.
+ This flag is
+-.Em off
++.Em on
+ by default.
+ .It tty_tickets
+ If set, users must authenticate on a per-tty basis.

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2013-07-11 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-07-11 13:34:17

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-07-03 
10:27:45.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-07-11 
13:35:18.0 +0200
@@ -1,0 +2,12 @@
+Tue Jul  9 15:46:19 UTC 2013 - da...@darins.net
+
+- Added patch to resolve packaging error. Patch has been sent
+  upstream.
+  * E: sudo 64bit-portability-issue ./sssd.c:829
+
+---
+Tue Jul  9 12:34:16 UTC 2013 - da...@darins.net
+
+- Enable SSSD as a sudoers data source 
+
+---

New:

  sudo-plugins-sudoers-sssd.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.tiyW1j/_old  2013-07-11 13:35:19.0 +0200
+++ /var/tmp/diff_new_pack.tiyW1j/_new  2013-07-11 13:35:19.0 +0200
@@ -29,9 +29,12 @@
 Patch0: sudoers2ldif-env.patch
 # PATCH-OPENSUSE: the SUSE branding of the default sudo config
 Patch1: sudo-sudoers.patch
+# PATCH-FIX-UPSTREAM: fixes 64bit-portability-issue ./sssd.c:829; sent upstream
+Patch2: sudo-plugins-sudoers-sssd.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
+BuildRequires:  libsss_sudo
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
 Requires(pre):  coreutils
@@ -58,6 +61,7 @@
 %setup -q
 %patch0 -p1 
 %patch1 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc
@@ -87,7 +91,8 @@
 --with-env-editor \
 --without-secure-path \
 --with-passprompt='%%p\x27s password:' \
---with-timedir=%{_localstatedir}/lib/sudo
+--with-timedir=%{_localstatedir}/lib/sudo \
+--with-sssd
 make %{?_smp_mflags}
 
 %install

++ sudo-plugins-sudoers-sssd.patch ++
--- sudo-1.8.7.orig/plugins/sudoers/sssd.c  2013-06-04 05:48:30.0 
-0400
+++ sudo-1.8.7/plugins/sudoers/sssd.c   2013-07-09 11:08:37.159369867 -0400
@@ -826,7 +826,7 @@
}
 
 /* check for sha-2 digest */
-   allowed_digest = sudo_ldap_extract_digest(val, digest);
+   allowed_digest = sudo_sss_extract_digest(val, digest);
 
/* check for !command */
if (*val == '!') {
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2013-07-03 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-07-03 10:27:44

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-06-29 
14:51:56.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-07-03 
10:27:45.0 +0200
@@ -1,0 +2,5 @@
+Tue Jul  2 16:30:19 UTC 2013 - dmuel...@suse.com
+
+- restore accidentally dropped suse-specific patches 
+
+---
@@ -5 +10,21 @@
-  * especially all local patches are obsoleted by upstream fixes
+  * remove CVE-2013-1775
+  * remove CVE-2013-1776
+  * The non-Unix group plugin is now supported when sudoers data is stored in 
LDAP.
+  * User messages are now always displayed in the user's locale, even when the
+  same message is being logged or mailed in a different locale.  
+  * Log files created by sudo now explicitly have the group set to group ID 0
+  rather than relying on BSD group semantics (which may not be the default).
+  * A new exec_background sudoers option can be used to initially run the 
+  command without read access to the terminal when running a command in a 
+  pseudo-tty. 
+  * Sudo now produces better error messages when there is an error in the 
sudo.conf file.
+  * Two new settings have been added to sudo.conf to give the admin better 
control of 
+  how group database queries are performed.
+  * There is now a standalone sudo.conf manual page.
+  * New support for specifying a SHA-2 digest along with the command in 
sudoers.
+  Supported hash types are sha224, sha256, sha384 and sha512. See the 
description
+  of Digest_Spec in the sudoers manual or the description of sudoCommand in the
+  sudoers.ldap manual for details.
+  * Fixed potential false positives in visudo's alias cycle detection.
+  * Sudo now only builds Position Independent Executables (PIE) by default on 
Linux
+  systems and verifies that a trivial test program builds and runs.

New:

  sudo-sudoers.patch
  sudoers2ldif-env.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.CgEB9C/_old  2013-07-03 10:27:46.0 +0200
+++ /var/tmp/diff_new_pack.CgEB9C/_new  2013-07-03 10:27:46.0 +0200
@@ -26,6 +26,9 @@
 Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
+Patch0: sudoers2ldif-env.patch
+# PATCH-OPENSUSE: the SUSE branding of the default sudo config
+Patch1: sudo-sudoers.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -53,6 +56,8 @@
 
 %prep
 %setup -q
+%patch0 -p1 
+%patch1 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-sudoers.patch ++
Index: sudo-1.8.0/plugins/sudoers/sudoers.in
===
--- sudo-1.8.0.orig/plugins/sudoers/sudoers.in
+++ sudo-1.8.0/plugins/sudoers/sudoers.in
@@ -31,37 +31,36 @@
 ##
 ## Defaults specification
 ##
-## You may wish to keep some of the following environment variables
-## when running commands via sudo.
-##
-## Locale settings
-# Defaults env_keep += LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET
-##
-## Run X applications through sudo; HOME is used to find the
-## .Xauthority file.  Note that other programs use HOME to find   
-## configuration files and this may lead to privilege escalation!
-# Defaults env_keep += HOME
-##
-## X11 resource path settings
-# Defaults env_keep += XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH
-##
-## Desktop path settings
-# Defaults env_keep += QTDIR KDEDIR
-##
-## Allow sudo-run commands to inherit the callers' ConsoleKit session
-# Defaults env_keep += XDG_SESSION_COOKIE
-##
-## Uncomment to enable special input methods.  Care should be taken as
-## this may allow users to subvert the command being run via sudo.
-# Defaults env_keep += XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER
+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+Defaults env_reset
+## Change env_reset to !env_reset in previous line to keep all environment 
variables
+## Following list will no longer be necessary after this change
+
+Defaults env_keep = LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE
+## Comment out the preceding line and uncomment the following one if you need
+## to use special input methods. This may allow users to 

commit sudo for openSUSE:Factory

2013-06-29 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-06-29 14:51:55

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2013-03-01 
21:03:23.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-06-29 
14:51:56.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun 27 18:03:10 UTC 2013 - mich...@stroeder.com
+
+- Update to upstream release 1.8.7
+  * especially all local patches are obsoleted by upstream fixes
+
+---

Old:

  sudo-1.8.6p3-CVE-2013-1775.patch
  sudo-1.8.6p3-CVE-2013-1776.patch
  sudo-1.8.6p3.tar.gz
  sudo-sudoers.patch
  sudoers2ldif-env.patch

New:

  sudo-1.8.7.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.rEQEW3/_old  2013-06-29 14:51:57.0 +0200
+++ /var/tmp/diff_new_pack.rEQEW3/_new  2013-06-29 14:51:57.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.6p3
+Version:1.8.7
 Release:0
 Summary:Execute some commands as root
 License:ISC
@@ -26,10 +26,6 @@
 Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
-Patch0: sudoers2ldif-env.patch
-Patch1: sudo-sudoers.patch
-Patch2: sudo-1.8.6p3-CVE-2013-1775.patch
-Patch3: sudo-1.8.6p3-CVE-2013-1776.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -57,10 +53,6 @@
 
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.6p3.tar.gz - sudo-1.8.7.tar.gz ++
 90861 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2013-03-01 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2013-03-01 20:45:08

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-12-05 
14:09:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2013-03-01 
20:45:09.0 +0100
@@ -1,0 +2,9 @@
+Fri Mar  1 11:12:28 UTC 2013 - vci...@suse.com
+
+- added two security fixes:
+  * CVE-2013-1775 (bnc#806919)
++ sudo-1.8.6p3-CVE-2013-1775.patch
+  * CVE-2013-1776 (bnc#806921)
++ sudo-1.8.6p3-CVE-2013-1776.patch
+
+---

New:

  sudo-1.8.6p3-CVE-2013-1775.patch
  sudo-1.8.6p3-CVE-2013-1776.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.7XucCn/_old  2013-03-01 20:45:26.0 +0100
+++ /var/tmp/diff_new_pack.7XucCn/_new  2013-03-01 20:45:26.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -28,6 +28,8 @@
 Source2:README.SUSE
 Patch0: sudoers2ldif-env.patch
 Patch1: sudo-sudoers.patch
+Patch2: sudo-1.8.6p3-CVE-2013-1775.patch
+Patch3: sudo-1.8.6p3-CVE-2013-1776.patch
 BuildRequires:  audit-devel
 BuildRequires:  groff
 BuildRequires:  libselinux-devel
@@ -57,6 +59,8 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.6p3-CVE-2013-1775.patch ++
63210a2b8f2f199b521f6c8213bb29775c09375c
 plugins/sudoers/check.c |   53 +--
 1 file changed, 28 insertions(+), 25 deletions(-)

Index: sudo-1.8.6p3/plugins/sudoers/check.c
===
--- sudo-1.8.6p3.orig/plugins/sudoers/check.c   2012-09-18 15:56:29.0 
+0200
+++ sudo-1.8.6p3/plugins/sudoers/check.c2013-03-01 12:10:34.285863069 
+0100
@@ -627,31 +627,34 @@ timestamp_status(char *timestampdir, cha
  */
 if (status == TS_OLD  !ISSET(flags, TS_REMOVE)) {
mtim_get(sb, mtime);
-   /* Negative timeouts only expire manually (sudo -k). */
-   if (def_timestamp_timeout  0  mtime.tv_sec != 0)
-   status = TS_CURRENT;
-   else {
-   now = time(NULL);
-   if (def_timestamp_timeout 
-   now - mtime.tv_sec  60 * def_timestamp_timeout) {
-   /*
-* Check for bogus time on the stampfile.  The clock may
-* have been set back or someone could be trying to spoof us.
-*/
-   if (mtime.tv_sec  now + 60 * def_timestamp_timeout * 2) {
-   time_t tv_sec = (time_t)mtime.tv_sec;
-   log_error(0,
-   _(timestamp too far in the future: %20.20s),
-   4 + ctime(tv_sec));
-   if (timestampfile)
-   (void) unlink(timestampfile);
-   else
-   (void) rmdir(timestampdir);
-   status = TS_MISSING;
-   } else if (get_boottime(boottime)  timevalcmp(mtime, 
boottime, )) {
-   status = TS_OLD;
-   } else {
-   status = TS_CURRENT;
+   if (timevalisset(mtime)) {
+   /* Negative timeouts only expire manually (sudo -k). */
+   if (def_timestamp_timeout  0) {
+   status = TS_CURRENT;
+   } else {
+   now = time(NULL);
+   if (def_timestamp_timeout 
+   now - mtime.tv_sec  60 * def_timestamp_timeout) {
+   /*
+* Check for bogus time on the stampfile.  The clock may
+* have been set back or user could be trying to spoof us.
+*/
+   if (mtime.tv_sec  now + 60 * def_timestamp_timeout * 2) {
+   time_t tv_sec = (time_t)mtime.tv_sec;
+   log_error(0,
+   _(timestamp too far in the future: %20.20s),
+   4 + ctime(tv_sec));
+   if (timestampfile)
+   (void) unlink(timestampfile);
+   else
+   (void) rmdir(timestampdir);
+   status = TS_MISSING;
+  

commit sudo for openSUSE:Factory

2012-12-05 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-12-05 14:09:24

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-11-05 
15:03:07.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-12-05 
14:09:25.0 +0100
@@ -1,0 +2,6 @@
+Mon Dec  3 10:58:10 UTC 2012 - cfarr...@suse.com
+
+- license update: ISC
+  Look at the license file
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.bMSJ8i/_old  2012-12-05 14:09:26.0 +0100
+++ /var/tmp/diff_new_pack.bMSJ8i/_new  2012-12-05 14:09:26.0 +0100
@@ -20,7 +20,7 @@
 Version:1.8.6p3
 Release:0
 Summary:Execute some commands as root
-License:BSD-3-Clause
+License:ISC
 Group:  System/Base
 Url:http://www.sudo.ws/
 Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-11-05 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-11-05 15:03:05

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-10-27 
07:48:36.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-11-05 
15:03:07.0 +0100
@@ -1,0 +2,11 @@
+Sun Nov  4 20:32:52 UTC 2012 - crrodrig...@opensuse.org
+
+- sudo 1.8.6p3
+* Support for using the System Security Services Daemon (SSSD) as a source of 
sudoers data
+* Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) 
+  when resuming a shell that was run via sudo when I/O logging (and use_pty) 
is not enabled. 
+* The sudoers plugin now takes advantage of symbol visibility controls when 
supported by the compiler or linker.
+* Sending SIGTSTP directly to the sudo process will now suspend 
+   the running command when I/O logging (and use_pty) is not enabled.
+
+---

Old:

  sudo-1.8.5p2.tar.gz

New:

  sudo-1.8.6p3.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.RKAQuw/_old  2012-11-05 15:03:13.0 +0100
+++ /var/tmp/diff_new_pack.RKAQuw/_new  2012-11-05 15:03:13.0 +0100
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.5p2
+Version:1.8.6p3
 Release:0
 Summary:Execute some commands as root
 License:BSD-3-Clause

++ sudo-1.8.5p2.tar.gz - sudo-1.8.6p3.tar.gz ++
 84255 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-10-26 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-10-27 07:48:07

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-06-18 
17:35:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-10-27 
07:48:36.0 +0200
@@ -1,0 +2,5 @@
+Fri Oct 26 15:34:58 UTC 2012 - co...@suse.com
+
+- add explicit buildrequire on groff
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.BCQ1uC/_old  2012-10-27 07:48:39.0 +0200
+++ /var/tmp/diff_new_pack.BCQ1uC/_new  2012-10-27 07:48:39.0 +0200
@@ -29,6 +29,7 @@
 Patch0: sudoers2ldif-env.patch
 Patch1: sudo-sudoers.patch
 BuildRequires:  audit-devel
+BuildRequires:  groff
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-06-18 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-06-18 17:35:22

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-05-21 
08:02:15.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-06-18 
17:35:51.0 +0200
@@ -1,0 +2,13 @@
+Wed Jun 13 19:08:05 CEST 2012 - vu...@opensuse.org
+
+- Update to version 1.8.5p2:
+  + Fixed use of the SUDO_ASKPASS environment variable which was
+broken in Sudo 1.8.5.
+  + Fixed a problem reading the sudoers file when the file mode is
+more restrictive than the expected mode.  For example, when the
+expected sudoers file mode is 0440 but the actual mode is 0400.
+- Changes from version 1.8.5p1:
+  + Fixed a bug that prevented files in an include directory from
+being evaluated.
+
+---

Old:

  sudo-1.8.5.tar.gz

New:

  sudo-1.8.5p2.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.k0v8ou/_old  2012-06-18 17:35:54.0 +0200
+++ /var/tmp/diff_new_pack.k0v8ou/_new  2012-06-18 17:35:54.0 +0200
@@ -17,7 +17,7 @@
 
 
 Name:   sudo
-Version:1.8.5
+Version:1.8.5p2
 Release:0
 Summary:Execute some commands as root
 License:BSD-3-Clause

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-05-21 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-05-21 08:02:12

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-03-09 
21:28:13.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-05-21 
08:02:15.0 +0200
@@ -1,0 +2,19 @@
+Wed May 16 15:27:32 UTC 2012 - vci...@suse.com
+
+- update to 1.8.5
+  Some of the changes:
+  * /etc/environment is no longer read directly on Linux systems when
+PAM is used. Sudo now merges the PAM environment into the user's
+environment which is typically set by the pam_env module.
+  * The plugin API has been extended
+  * The policy plugin's init_session function is now called by the
+parent sudo process, not the child process that executes the command
+This allows the PAM session to be open and closed in the same process,
+which some PAM modules require.
+  * A new group provider plugin, system_group, is included
+  * Fixed a potential security issue in the matching of hosts against
+an IPv4 network specified in sudoers.The flaw may allow a user who
+is authorized to run commands on hosts belonging to one IPv4
+network to run commands on a different host (CVE-2012-2337)
+
+---

Old:

  sudo-1.8.3p1-sesh-cflags.patch
  sudo-1.8.4p2.tar.gz

New:

  sudo-1.8.5.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.W4UI9l/_old  2012-05-21 08:02:17.0 +0200
+++ /var/tmp/diff_new_pack.W4UI9l/_new  2012-05-21 08:02:17.0 +0200
@@ -16,9 +16,8 @@
 #
 
 
-
 Name:   sudo
-Version:1.8.4p2
+Version:1.8.5
 Release:0
 Summary:Execute some commands as root
 License:BSD-3-Clause
@@ -29,8 +28,6 @@
 Source2:README.SUSE
 Patch0: sudoers2ldif-env.patch
 Patch1: sudo-sudoers.patch
-# PATCH-FIX-OPENSUSE make sesh position-independent (bnc#743157)
-Patch2: sudo-1.8.3p1-sesh-cflags.patch
 BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
@@ -59,7 +56,6 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.4p2.tar.gz - sudo-1.8.5.tar.gz ++
 58045 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-03-09 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-03-09 21:28:11

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-02-01 
13:17:32.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-03-09 
21:28:13.0 +0100
@@ -1,0 +2,26 @@
+Fri Mar  9 14:19:44 UTC 2012 - vci...@suse.com
+
+- update to 1.8.4p2
+  Some of the changes:
+  * The -D flag in sudo has been replaced with a more general
+debugging framework that is configured in sudo.conf.
+  * Fixed a crash with sudo -i when a runas group was specified
+without a runas user.
+  * New Serbian and Spanish translations for sudo from translationproject.org.
+LDAP-based sudoers may now access by group ID in addition to group name.
+  * visudo will now fix the mode on the sudoers file even if no
+changes are made unless the -f option is specified.
+  * On systems that use login.conf, sudo -i now sets environment
+variables based on login.conf
+  * values in the LDAP search expression are now escaped as per RFC 4515
+  * The deprecated noexec_file sudoers option is no longer supported.
+  * Fixed a race condition when I/O logging is not enabled that could
+result in tty-generated signals (e.g. control-C) being received
+by the command twice.
+  * visudo -c will now list any include files that were checked in
+addition to the main sudoers file when everything parses OK.
+  * Users that only have read-only access to the sudoers file may
+now run visudo -c. Previously, write permissions were required
+even though no writing is down in check-only mode.
+
+---

Old:

  sudo-1.8.3p2.tar.gz

New:

  sudo-1.8.4p2.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.WRrzsv/_old  2012-03-09 21:28:15.0 +0100
+++ /var/tmp/diff_new_pack.WRrzsv/_new  2012-03-09 21:28:15.0 +0100
@@ -16,8 +16,9 @@
 #
 
 
+
 Name:   sudo
-Version:1.8.3p2
+Version:1.8.4p2
 Release:0
 Summary:Execute some commands as root
 License:BSD-3-Clause

++ sudo-1.8.3p1-sesh-cflags.patch ++
--- /var/tmp/diff_new_pack.WRrzsv/_old  2012-03-09 21:28:15.0 +0100
+++ /var/tmp/diff_new_pack.WRrzsv/_new  2012-03-09 21:28:15.0 +0100
@@ -1,13 +1,25 @@
-Index: sudo-1.8.3p1/src/Makefile.in
+Index: sudo-1.8.4p2/src/Makefile.in
 ===
 sudo-1.8.3p1.orig/src/Makefile.in  2011-10-21 15:01:26.0 +0200
-+++ sudo-1.8.3p1/src/Makefile.in   2012-01-25 16:02:52.488970711 +0100
-@@ -101,7 +101,7 @@
+--- sudo-1.8.4p2.orig/src/Makefile.in  2012-02-10 18:46:59.0 +0100
 sudo-1.8.4p2/src/Makefile.in   2012-03-09 15:27:43.370138126 +0100
+@@ -100,7 +100,7 @@
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LTLDFLAGS) -o $@ 
sudo_noexec.lo -avoid-version -rpath $(noexecdir)
  
- sesh: sesh.o
--  $(CC) -o $@ sesh.o
-+  $(CC) $(CFLAGS) $(LDFLAGS) -o $@ sesh.o
+ sesh: sesh.o error.o exec_common.o @LIBINTL@ $(LT_LIBS)
+-  $(LIBTOOL) --mode=link $(CC) -o $@ sesh.o error.o exec_common.o 
@LIBINTL@ $(LIBS) -static-libtool-libs
++  $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -o $@ sesh.o error.o 
exec_common.o @LIBINTL@ $(LIBS) -static-libtool-libs
  
  pre-install:
  
+Index: sudo-1.8.4p2/src/sesh.c
+===
+--- sudo-1.8.4p2.orig/src/sesh.c   2012-01-25 20:58:28.0 +0100
 sudo-1.8.4p2/src/sesh.c2012-03-09 15:41:52.261671165 +0100
+@@ -40,6 +40,7 @@
+ #include sudo_debug.h
+ #include sudo_exec.h
+ #include sudo_plugin.h
++#include alloc.h
+ 
+ sudo_conv_t sudo_conv;  /* NULL in non-plugin */
+ 

++ sudo-1.8.3p2.tar.gz - sudo-1.8.4p2.tar.gz ++
 49163 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2012-02-01 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-02-01 13:17:30

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2012-01-26 
16:00:39.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-02-01 
13:17:32.0 +0100
@@ -1,0 +2,8 @@
+Tue Jan 31 12:30:58 UTC 2012 - vci...@suse.com
+
+- update to 1.8.3p2
+  * Fixed a format string vulnerability when the sudo binary
+(or a symbolic link to the sudo binary) contains printf
+format escapes and the -D (debugging) flag is used.
+
+---

Old:

  sudo-1.8.3p1.tar.gz

New:

  sudo-1.8.3p2.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.Xpbnvu/_old  2012-02-01 13:17:35.0 +0100
+++ /var/tmp/diff_new_pack.Xpbnvu/_new  2012-02-01 13:17:35.0 +0100
@@ -15,8 +15,9 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 Name:   sudo
-Version:1.8.3p1
+Version:1.8.3p2
 Release:0
 Summary:Execute some commands as root
 License:BSD-3-Clause

++ sudo-1.8.3p1.tar.gz - sudo-1.8.3p2.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.3p1/ChangeLog new/sudo-1.8.3p2/ChangeLog
--- old/sudo-1.8.3p1/ChangeLog  2011-10-25 21:15:38.0 +0200
+++ new/sudo-1.8.3p2/ChangeLog  2012-01-24 22:17:30.0 +0100
@@ -1,3 +1,17 @@
+2012-01-24  Todd C. Miller  todd.mil...@courtesan.com
+
+   * src/sudo.c:
+   Fixed a format string vulnerability when the sudo binary (or a 
+   symbolic link to the sudo binary) contains printf format escapes
+   and the -D (debugging) flag is used.
+
+2012-01-13  Todd C. Miller  todd.mil...@courtesan.com
+
+   * sudo.pp:
+   Include parent directories in case they don't already exist. This
+   fixes a directory permissions problem with the AIX package when the
+   /usr/local directories don't already exist.
+
 2011-10-25  Todd C. Miller  todd.mil...@courtesan.com
 
* plugins/sudoers/Makefile.in:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.3p1/NEWS new/sudo-1.8.3p2/NEWS
--- old/sudo-1.8.3p1/NEWS   2011-10-25 20:58:26.0 +0200
+++ new/sudo-1.8.3p2/NEWS   2012-01-24 20:33:06.0 +0100
@@ -1,3 +1,9 @@
+What's new in Sudo 1.8.3p2?
+
+ * Fixed a format string vulnerability when the sudo binary (or a
+   symbolic link to the sudo binary) contains printf format escapes
+   and the -D (debugging) flag is used.
+
 What's new in Sudo 1.8.3p1?
 
  * Fixed a crash in the monitor process on Solaris when NOPASSWD
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/sudo-1.8.3p1/configure new/sudo-1.8.3p2/configure
--- old/sudo-1.8.3p1/configure  2011-10-25 16:11:54.0 +0200
+++ new/sudo-1.8.3p2/configure  2012-01-24 20:34:13.0 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for sudo 1.8.3p1.
+# Generated by GNU Autoconf 2.68 for sudo 1.8.3p2.
 #
 # Report bugs to http://www.sudo.ws/bugs/.
 #
@@ -570,8 +570,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.8.3p1'
-PACKAGE_STRING='sudo 1.8.3p1'
+PACKAGE_VERSION='1.8.3p2'
+PACKAGE_STRING='sudo 1.8.3p2'
 PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/'
 PACKAGE_URL=''
 
@@ -1446,7 +1446,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat _ACEOF
-\`configure' configures sudo 1.8.3p1 to adapt to many kinds of systems.
+\`configure' configures sudo 1.8.3p2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1511,7 +1511,7 @@
 
 if test -n $ac_init_help; then
   case $ac_init_help in
- short | recursive ) echo Configuration of sudo 1.8.3p1:;;
+ short | recursive ) echo Configuration of sudo 1.8.3p2:;;
esac
   cat \_ACEOF
 
@@ -1728,7 +1728,7 @@
 test -n $ac_init_help  exit $ac_status
 if $ac_init_version; then
   cat \_ACEOF
-sudo configure 1.8.3p1
+sudo configure 1.8.3p2
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2432,7 +2432,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 

commit sudo for openSUSE:Factory

2012-01-26 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2012-01-26 16:00:37

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2011-12-31 
17:20:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2012-01-26 
16:00:39.0 +0100
@@ -1,0 +2,14 @@
+Wed Jan 25 15:09:14 UTC 2012 - vci...@suse.com
+
+- honour global CFLAGS and LDFLAGS when compiling sesh,
+  to avoid rpmlint error (bnc#743157)
+
+---
+Wed Jan  4 16:54:23 UTC 2012 - vci...@suse.com
+
+- update to sudo-1.8.3p1 
+  * Fixed a crash in the monitor process on Solaris when NOPASSWD
+was specified or when authentication was disabled.
+  * Fixed matching of a Runas_Alias in the group section of a Runas_Spec. 
+
+---

Old:

  sudo-1.8.3.tar.gz

New:

  sudo-1.8.3p1-sesh-cflags.patch
  sudo-1.8.3p1.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.jNhilq/_old  2012-01-26 16:00:41.0 +0100
+++ /var/tmp/diff_new_pack.jNhilq/_new  2012-01-26 16:00:41.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package sudo
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,20 +15,20 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-
-
 Name:   sudo
-Version:1.8.3
-Release:1
-License:BSD-3-Clause
+Version:1.8.3p1
+Release:0
 Summary:Execute some commands as root
-Url:http://www.sudo.ws/
+License:BSD-3-Clause
 Group:  System/Base
+Url:http://www.sudo.ws/
 Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
 Patch0: sudoers2ldif-env.patch
 Patch1: sudo-sudoers.patch
+# PATCH-FIX-OPENSUSE make sesh position-independent (bnc#743157)
+Patch2: sudo-1.8.3p1-sesh-cflags.patch
 BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
@@ -47,7 +47,6 @@
 minutes by default).
 
 %package devel
-License:BSD-3-Clause
 Summary:Header files needed for sudo plugin development
 Group:  Development/Libraries/C and C++
 
@@ -58,6 +57,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.3p1-sesh-cflags.patch ++
Index: sudo-1.8.3p1/src/Makefile.in
===
--- sudo-1.8.3p1.orig/src/Makefile.in   2011-10-21 15:01:26.0 +0200
+++ sudo-1.8.3p1/src/Makefile.in2012-01-25 16:02:52.488970711 +0100
@@ -101,7 +101,7 @@
$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) $(LTLDFLAGS) -o $@ 
sudo_noexec.lo -avoid-version -rpath $(noexecdir)
 
 sesh: sesh.o
-   $(CC) -o $@ sesh.o
+   $(CC) $(CFLAGS) $(LDFLAGS) -o $@ sesh.o
 
 pre-install:
 
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2011-12-31 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2011-12-31 17:20:23

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2011-11-02 
12:18:44.0 +0100
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2011-12-31 
17:20:25.0 +0100
@@ -1,0 +2,5 @@
+Wed Dec 28 06:45:07 UTC 2011 - a...@suse.de
+
+- Set timedir correctly
+
+---



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.ZQhAo7/_old  2011-12-31 17:20:26.0 +0100
+++ /var/tmp/diff_new_pack.ZQhAo7/_new  2011-12-31 17:20:26.0 +0100
@@ -86,7 +86,8 @@
 --with-sudoers-mode=0440 \
 --with-env-editor \
 --without-secure-path \
---with-passprompt='%%p\x27s password:'
+--with-passprompt='%%p\x27s password:' \
+--with-timedir=%{_localstatedir}/lib/sudo
 make %{?_smp_mflags}
 
 %install

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2011-12-06 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2011-12-06 19:06:13

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:




Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.NRGlLH/_old  2011-12-06 19:40:11.0 +0100
+++ /var/tmp/diff_new_pack.NRGlLH/_new  2011-12-06 19:40:11.0 +0100
@@ -20,7 +20,7 @@
 Name:   sudo
 Version:1.8.3
 Release:1
-License:BSD3c(or similar)
+License:BSD-3-Clause
 Summary:Execute some commands as root
 Url:http://www.sudo.ws/
 Group:  System/Base
@@ -47,7 +47,7 @@
 minutes by default).
 
 %package devel
-License:BSD3c(or similar)
+License:BSD-3-Clause
 Summary:Header files needed for sudo plugin development
 Group:  Development/Libraries/C and C++
 

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2011-11-02 Thread h_root
Hello community,

here is the log from the commit of package sudo for openSUSE:Factory checked in 
at 2011-11-02 12:18:43

Comparing /work/SRC/openSUSE:Factory/sudo (Old)
 and  /work/SRC/openSUSE:Factory/.sudo.new (New)


Package is sudo, Maintainer is vci...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/sudo/sudo.changes2011-10-13 
17:26:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new/sudo.changes   2011-11-02 
12:18:44.0 +0100
@@ -1,0 +2,38 @@
+Mon Oct 24 08:42:33 UTC 2011 - vci...@suse.com
+
+- update to sudo-1.8.3
+  - Fixed expansion of strftime() escape sequences
+in the log_dir sudoers setting.
+  - Esperanto, Italian and Japanese
+translations from translationproject.org.
+  - Added --enable-werror configure option for gcc's
+  -Werror flag.  - Visudo no longer
+assumes all editors support the +linenumber command line argument.
+It now uses a whitelist of editors known to support the option.
+  - Fixed matching of network addresses when a netmask is specified but
+the address is not the first one in the CIDR block.
+  - The configure script now check whether or not errno.h declares the
+errno variable. Previously, sudo would always declare errno itself
+for older systems that don't declare it in errno.h.
+  - The NOPASSWD tag is now honored for denied commands too,
+which matches historic sudo behavior (prior to sudo 1.7.0).
+  - Sudo now honors the DEREF
+setting in ldap.conf which controls how alias dereferencing is done
+during an LDAP search.
+  - A symbol conflict with the
+pam_ssh_agent_auth PAM module that would cause a crash been
+resolved.
+  - The inability to load a group provider plugin is no
+longer a fatal error.
+  - A potential crash in the utmp handling
+code has been fixed.
+  - Two PAM session issues have been resolved.
+In previous versions of sudo, the PAM session was opened as one
+user and closed as another. Additionally, if no authentication was
+performed, the PAM session would never be closed.
+  - The LOGNAME,
+USER and USERNAME environment variables are preserved correctly
+again in sudoedit mode.
+- grp-include.patch no longer needed
+
+---

Old:

  sudo-1.8.2.tar.gz
  sudo-grp-include.patch

New:

  sudo-1.8.3.tar.gz



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.ho420w/_old  2011-11-02 12:18:45.0 +0100
+++ /var/tmp/diff_new_pack.ho420w/_new  2011-11-02 12:18:45.0 +0100
@@ -18,7 +18,7 @@
 
 
 Name:   sudo
-Version:1.8.2
+Version:1.8.3
 Release:1
 License:BSD3c(or similar)
 Summary:Execute some commands as root
@@ -29,13 +29,12 @@
 Source2:README.SUSE
 Patch0: sudoers2ldif-env.patch
 Patch1: sudo-sudoers.patch
-Patch2: sudo-grp-include.patch
 BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
-PreReq: coreutils
-PreReq: permissions
+Requires(pre):  coreutils
+Requires(pre):  permissions
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -59,7 +58,6 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc

++ sudo-1.8.2.tar.gz - sudo-1.8.3.tar.gz ++
 15222 lines of diff (skipped)

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org



commit sudo for openSUSE:Factory

2011-10-13 Thread h_root

Hello community,

here is the log from the commit of package sudo for openSUSE:Factory
checked in at Thu Oct 13 17:24:57 CEST 2011.




--- openSUSE:Factory/sudo/sudo.changes  2011-09-23 12:47:05.0 +0200
+++ sudo/sudo.changes   2011-10-13 03:06:10.0 +0200
@@ -1,0 +2,45 @@
+Thu Oct 13 00:59:49 UTC 2011 - prus...@opensuse.org
+
+- updated to sudo-1.8.2
+  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
+language support (NLS). This can be disabled by passing configure
+the --disable-nls option.  Sudo will use gettext(), if available,
+to display translated messages.  All translations are coordinated
+via The Translation Project, http://translationproject.org/.
+  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
+RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
+on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
+  * I/O logging is now supported for commands run in background mode
+(using sudo's -b flag).
+  * Group ownership of the sudoers file is now only enforced when
+the file mode on sudoers allows group readability or writability.
+  * Visudo now checks the contents of an alias and warns about cycles
+when the alias is expanded.
+  * If the user specifes a group via sudo's -g option that matches
+the target user's group in the password database, it is now
+allowed even if no groups are present in the Runas_Spec.
+  * The sudo Makefiles now have more complete dependencies which are
+automatically generated instead of being maintained manually.
+  * The use_pty sudoers option is now correctly passed back to the
+sudo front end.  This was missing in previous versions of sudo
+1.8 which prevented use_pty from being honored.
+  * sudo -i command now works correctly with the bash version
+2.0 and higher.  Previously, the .bash_profile would not be
+sourced prior to running the command unless bash was built with
+NON_INTERACTIVE_LOGIN_SHELLS defined.
+  * When matching groups in the sudoers file, sudo will now match
+based on the name of the group instead of the group ID. This can
+substantially reduce the number of group lookups for sudoers
+files that contain a large number of groups.
+  * Multi-factor authentication is now supported on AIX.
+  * Added support for non-RFC 4517 compliant LDAP servers that require
+that seconds be present in a timestamp, such as Tivoli Directory Server.
+  * If the group vector is to be preserved, the PATH search for the
+command is now done with the user's original group vector.
+  * For LDAP-based sudoers, the runas_default sudoOption now works
+properly in a sudoRole that contains a sudoCommand.
+  * Spaces in command line arguments for sudo -s and sudo -i are
+now escaped with a backslash when checking the security policy.
+- added missing include (grp-include.patch)
+
+---

calling whatdependson for head-i586


Old:

  sudo-1.8.1p2.tar.bz2

New:

  sudo-1.8.2.tar.gz
  sudo-grp-include.patch



Other differences:
--
++ sudo.spec ++
--- /var/tmp/diff_new_pack.hnf3VY/_old  2011-10-13 17:24:50.0 +0200
+++ /var/tmp/diff_new_pack.hnf3VY/_new  2011-10-13 17:24:50.0 +0200
@@ -18,17 +18,18 @@
 
 
 Name:   sudo
-Version:1.8.1p2
+Version:1.8.2
 Release:1
 License:BSD3c(or similar)
 Summary:Execute some commands as root
 Url:http://www.sudo.ws/
 Group:  System/Base
-Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.bz2
+Source0:http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
 Source1:sudo.pamd
 Source2:README.SUSE
-Patch1: sudoers2ldif-env.patch
-Patch3: sudo-sudoers.patch
+Patch0: sudoers2ldif-env.patch
+Patch1: sudo-sudoers.patch
+Patch2: sudo-grp-include.patch
 BuildRequires:  audit-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  openldap2-devel
@@ -56,8 +57,9 @@
 
 %prep
 %setup -q
+%patch0 -p1
 %patch1 -p1
-%patch3 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x %sparc
@@ -103,6 +105,9 @@
 rm -f %{buildroot}%{_docdir}/%{name}/sample.syslog.conf
 rm -f %{buildroot}%{_docdir}/%{name}/schema.OpenLDAP
 rm -f %{buildroot}%{_libexecdir}/%{name}/sudoers.la
+%find_lang %{name}
+%find_lang sudoers
+cat sudoers.lang  %{name}.lang
 
 %post
 chmod 0440 %{_sysconfdir}/sudoers
@@ -118,7 +123,7 @@
 %clean
 rm -rf %{buildroot}
 
-%files
+%files -f %{name}.lang
 %defattr(-,root,root)
 %doc %{_docdir}/%{name}
 %doc %{_mandir}/man?/*

++ sudo-grp-include.patch ++
Index: sudo-1.8.2/common/setgroups.c
===
--- sudo-1.8.2.orig/common/setgroups.c
+++ sudo-1.8.2/common/setgroups.c
@@ -33,6 +33,7 @@
 #endif /*