Hello community,
here is the log from the commit of package sudo for openSUSE:Factory checked in
at 2019-10-30 14:42:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sudo (Old)
and /work/SRC/openSUSE:Factory/.sudo.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sudo"
Wed Oct 30 14:42:14 2019 rev:104 rq:743446 version:1.8.28p1
Changes:
--------
--- /work/SRC/openSUSE:Factory/sudo/sudo.changes 2019-08-27
15:20:48.368858384 +0200
+++ /work/SRC/openSUSE:Factory/.sudo.new.2990/sudo.changes 2019-10-30
14:42:18.777830997 +0100
@@ -1,0 +2,66 @@
+Wed Oct 16 15:08:29 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Update to 1.8,28p1
+ * The fix for Bug #869 caused "sudo -v" to prompt for a password
+ when "verifypw" is set to "all" (the default) and all of the
+ user's sudoers entries are marked with NOPASSWD. Bug #901.
+
+-------------------------------------------------------------------
+Mon Oct 14 15:10:21 UTC 2019 - Vítězslav Čížek <vci...@suse.com>
+
+- Update to 1.8.28
+ * Fixed CVE-2019-14287 (bsc#1153674),
+ a bug where a sudo user may be able to
+ run a command as root when the Runas specification explicitly
+ disallows root access as long as the ALL keyword is listed first.
+ * Sudo will now only set PAM_TTY to the empty string when no
+ terminal is present on Solaris and Linux. This workaround is
+ only needed on those systems which may have PAM modules that
+ misbehave when PAM_TTY is not set.
+ * The mailerflags sudoers option now has a default value even if
+ sendmail support was disabled at configure time. Fixes a crash
+ when the mailerpath sudoers option is set but mailerflags is not.
+ Bug #878.
+ * Sudo will now filter out last login messages on HP-UX unless it
+ a shell is being run via "sudo -s" or "sudo -i". Otherwise,
+ when trusted mode is enabled, these messages will be displayed
+ for each command.
+ * Sudo has a new -B command line option that will ring the terminal
+ bell when prompting for a password.
+ * Sudo no longer refuses to prompt for a password when it cannot
+ determine the user's terminal as long as it can open /dev/tty.
+ This allows sudo to function on systems where /proc is unavailable,
+ such as when running in a chroot environment.
+ * The "env_editor" sudoers flag is now on by default. This makes
+ source builds more consistent with the packages generated by
+ sudo's mkpkg script.
+ * Fixed a bad interaction with configure's --prefix and
+ --disable-shared options. Bug #886.
+ * More verbose error message when a password is required and no terminal
+ is present. Bug #828.
+ * Command tags, such as NOPASSWD, are honored when a user tries to run a
+ command that is allowed by sudoers but which does not actually
+ exist on the file system. Bug #888.
+ * I/O log timing files now store signal suspend and resume information
+ in the form of a signal name instead of a number.
+ * Fixed a bug introduced in 1.8.24 that prevented sudo from honoring
+ the value of "ipa_hostname" from sssd.conf, if specified, when
+ matching the host name.
+ * Fixed a bug introduced in 1.8.21 that prevented the core dump
+ resource limit set in the pam_limits module from taking effect.
+ Bug #894.
+ * Fixed parsing of double-quoted Defaults group and netgroup bindings.
+ * The user ID is now used when matching sudoUser attributes in LDAP.
+ Previously, the user name, group name and group IDs were used
+ when matching but not the user ID.
+ * Sudo now writes PAM messages to the user's terminal, if available,
+ instead of the standard output or standard error. This prevents
+ PAM output from being intermixed with that of the command when
+ output is sent to a file or pipe. Bug #895.
+ * Sudoedit now honors the umask and umask_override settings in sudoers.
+ Previously, the user's umask was used as-is.
+ * Fixed a bug where the terminal's file context was not restored
+ when using SELinux RBAC. Bug #898.
+- refresh sudo-sudoers.patch
+
+-------------------------------------------------------------------
Old:
----
sudo-1.8.27.tar.gz
sudo-1.8.27.tar.gz.sig
New:
----
sudo-1.8.28p1.tar.gz
sudo-1.8.28p1.tar.gz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.NQTadz/_old 2019-10-30 14:42:19.581831852 +0100
+++ /var/tmp/diff_new_pack.NQTadz/_new 2019-10-30 14:42:19.585831857 +0100
@@ -17,7 +17,7 @@
Name: sudo
-Version: 1.8.27
+Version: 1.8.28p1
Release: 0
Summary: Execute some commands as root
License: ISC
@@ -173,9 +173,10 @@
%dir %{_libexecdir}/%{name}
%{_libexecdir}/%{name}/sesh
%{_libexecdir}/%{name}/sudo_noexec.so
-%{_libexecdir}/%{name}/sudoers.so
-%{_libexecdir}/%{name}/group_file.so
-%{_libexecdir}/%{name}/system_group.so
+%dir %{_libexecdir}/%{name}/%{name}
+%{_libexecdir}/%{name}/%{name}/sudoers.so
+%{_libexecdir}/%{name}/%{name}/group_file.so
+%{_libexecdir}/%{name}/%{name}/system_group.so
%{_libexecdir}/%{name}/libsudo_util.so.*
%attr(0711,root,root) %dir %ghost %{_localstatedir}/lib/%{name}
%attr(0700,root,root) %dir %ghost %{_localstatedir}/lib/%{name}/ts
@@ -187,6 +188,7 @@
%{_includedir}/sudo_plugin.h
%{_mandir}/man8/sudo_plugin.8%{?ext_man}
%attr(0644,root,root) %{_libexecdir}/%{name}/libsudo_util.so
+%{_libexecdir}/%{name}/sudo/*.la
%{_libexecdir}/%{name}/*.la
%files test
++++++ sudo-sudoers.patch ++++++
--- /var/tmp/diff_new_pack.NQTadz/_old 2019-10-30 14:42:19.653831929 +0100
+++ /var/tmp/diff_new_pack.NQTadz/_new 2019-10-30 14:42:19.653831929 +0100
@@ -1,7 +1,7 @@
-Index: sudo-1.8.14p3/plugins/sudoers/sudoers.in
+Index: sudo-1.8.28/plugins/sudoers/sudoers.in
===================================================================
---- sudo-1.8.14p3.orig/plugins/sudoers/sudoers.in
-+++ sudo-1.8.14p3/plugins/sudoers/sudoers.in
+--- sudo-1.8.28.orig/plugins/sudoers/sudoers.in 2019-10-14
17:00:02.176362373 +0200
++++ sudo-1.8.28/plugins/sudoers/sudoers.in 2019-10-14 17:00:04.688378325
+0200
@@ -32,30 +32,23 @@
##
## Defaults specification
@@ -82,20 +82,20 @@
## Read drop-in files from @sysconfdir@/sudoers.d
## (the '#' here does not indicate a comment)
#includedir @sysconfdir@/sudoers.d
-Index: sudo-1.8.14p3/doc/sudoers.mdoc.in
+Index: sudo-1.8.28/doc/sudoers.mdoc.in
===================================================================
---- sudo-1.8.14p3.orig/doc/sudoers.mdoc.in
-+++ sudo-1.8.14p3/doc/sudoers.mdoc.in
-@@ -1711,7 +1711,7 @@ is present in the
+--- sudo-1.8.28.orig/doc/sudoers.mdoc.in 2019-10-14 17:00:02.176362373
+0200
++++ sudo-1.8.28/doc/sudoers.mdoc.in 2019-10-14 17:03:30.841685660 +0200
+@@ -1972,7 +1972,7 @@ is present in the
.Em env_keep
- list.
+ list, both of which are strongly discouraged.
This flag is
-.Em off
+.Em on
by default.
.It authenticate
If set, users must authenticate themselves via a password (or other
-@@ -2027,7 +2027,7 @@ If set,
+@@ -2364,7 +2364,7 @@ If set,
.Nm sudo
will insult users when they enter an incorrect password.
This flag is
@@ -104,7 +104,7 @@
by default.
.It log_host
If set, the host name will be logged in the (non-syslog)
-@@ -2508,7 +2508,7 @@ database as an argument to the
+@@ -2941,7 +2941,7 @@ database as an argument to the
.Fl u
option.
This flag is
