Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sudo for openSUSE:Factory checked in at 2023-02-17 16:43:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sudo (Old) and /work/SRC/openSUSE:Factory/.sudo.new.22824 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo" Fri Feb 17 16:43:45 2023 rev:141 rq:1066068 version:1.9.13 Changes: -------- --- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2023-01-24 20:35:32.805380732 +0100 +++ /work/SRC/openSUSE:Factory/.sudo.new.22824/sudo.changes 2023-02-17 16:43:47.714453853 +0100 @@ -1,0 +2,106 @@ +Wed Feb 15 00:17:43 UTC 2023 - Jason Sikes <jsi...@suse.com> + +- Update to 1.9.13: + * Changes in 1.9.13: + + Fixed a bug running relative commands via sudo when log_subcmds + is enabled. GitHub issue #194. + + Fixed a signal handling bug when running sudo commands in a shell + script. Signals were not being forwarded to the command when the + sudo process was not run in its own process group. + + Fixed a bug in the cvtsudoers LDIF parsing when the file ends without + a newline and a backslash is the last character of the file. + + Fixed a potential use-after-free bug with cvtsudoers filtering. + GitHub issue #198. + + Added a reminder to the default lecture that the password will not + echo. This line is only displayed when the pwfeedback option is + disabled. GitHub issue #195. + + Fixed potential memory leaks in error paths. GitHub issue #199. + GitHub issue #202. + + Fixed potential NULL dereferences on memory allocation failure. + GitHub issue #204. GitHub issue #211. + + Sudo now uses C23-style attributes in function prototypes instead + of gcc-style attributes if supported. + + Added a new list pseudo-command in sudoers to allow a user to list + another userâs privileges. Previously, only root or a user with + the ability to run any command as either root or the target user + on the current host could use the -U option. This also includes a + fix to the log entry when a user lacks permission to run + sudo -U otheruser -l command. Previously, the logs would indicate + that the user tried to run the actual command, now the log entry + includes the list operation. + + JSON logging now escapes control characters if they happen to + appear in the command or environment. + + New Albanian translation from translationproject.org. + + Regular expressions in sudoers or logsrvd.conf may no longer contain + consecutive repetition operators. This is implementation- specific + behavior according to POSIX, but some implementations will allocate + excessive amounts of memory. This mainly affects the fuzzers. + + Sudo now builds AIX-style shared libraries and dynamic shared + objects by default instead of svr4-style. This means that the + default sudo plugins are now .a (archive) files that contain a .so + shared object file instead of bare .so files. This was done to + improve compatibility with the AIX Freeware ecosystem, specifically, + the AIX Freeware build of OpenSSL. Sudo will still load + svr4-style .so plugins and if a .so file is requested, either via + sudo.conf or the sudoers file, and only the .a file is present, + sudo will convert the path from plugin.so to plugin.a(plugin.so) + when loading it. This ensures compatibility with existing + configurations. To restore the old, pre-1.9.13 behavior, run + configure using the âwith-aix-soname=svr4 option. + + Sudo no longer checks the ownership and mode of the plugins that + it loads. Plugins are configured via either the sudo.conf or + sudoers file which are trusted configuration files. These checks + suffered from time-of-check vs. time-of-use race conditions and + complicate loading plugins that are not simple paths. Ownership + and mode checks are still performed when loading the sudo.conf + and sudoers files, which do not suffer from race conditions. + The sudo.conf developer_mode setting is no longer used. + + Control characters in sudo log messages and sudoreplay -l output + are now escaped in octal format. Space characters in the command + path are also escaped. Command line arguments that contain spaces + are surrounded by single quotes and any literal single quote or + backslash characters are escaped with a backslash. This makes it + possible to distinguish multiple command line arguments from a + single argument that contains spaces. + + Improved support for DragonFly BSD which uses a different + struct procinfo than either FreeBSD or 4.4BSD. + + Fixed a compilation error on Linux arm systems running older + kernels that may not define EM_ARM in linux/elf-em.h. + GitHub issue #232. + + Fixed a compilation error when LDFLAGS contains -Wl,âno-undefined. + Sudo will now link using -Wl,âno-undefined by default if possible. + GitHub issue #234. + + Fixed a bug executing a command with a very long argument vector + when log_subcmds or intercept is enabled on a system where + intercept_type is set to trace. GitHub issue #194. + + When sudo is configured to run a command in a pseudo-terminal but + the standard input is not connected to a terminal, the command + will now be run as a background process. This works around a problem + running sudo commands in the background from a shell script where + changing the terminal to raw mode could interfere with the interactive + shell that ran the script. GitHub issue #237. + + A missing include file in sudoers is no longer a fatal error unless + the error_recovery plugin argument has been set to false. + +------------------------------------------------------------------- Old: ---- sudo-1.9.12p2.tar.gz sudo-1.9.12p2.tar.gz.sig New: ---- sudo-1.9.13.tar.gz sudo-1.9.13.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.ijaat8/_old 2023-02-17 16:43:48.430457885 +0100 +++ /var/tmp/diff_new_pack.ijaat8/_new 2023-02-17 16:43:48.438457930 +0100 @@ -17,7 +17,7 @@ Name: sudo -Version: 1.9.12p2 +Version: 1.9.13 Release: 0 Summary: Execute some commands as root License: ISC ++++++ sudo-1.9.12p2.tar.gz -> sudo-1.9.13.tar.gz ++++++ ++++ 135319 lines of diff (skipped)
