Hello community, here is the log from the commit of package sudo checked in at Thu Dec 7 21:29:20 CET 2006. -------- --- sudo/sudo.changes 2006-10-04 19:36:09.000000000 +0200 +++ /mounts/work_src_done/STABLE/sudo/sudo.changes 2006-11-30 14:13:58.000000000 +0100 @@ -1,0 +2,10 @@ +Thu Nov 30 14:12:34 CET 2006 - prusnak@suse.cz + +- package /etc/sudoers as 0440 [Fate#300934] + +------------------------------------------------------------------- +Wed Nov 29 18:29:23 CET 2006 - prusnak@suse.cz + +- protect locale-related environment variables from resetting (sudoers.diff) [#222728] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sudo.spec ++++++ --- /var/tmp/diff_new_pack.JArNn2/_old 2006-12-07 21:28:52.000000000 +0100 +++ /var/tmp/diff_new_pack.JArNn2/_new 2006-12-07 21:28:52.000000000 +0100 @@ -13,10 +13,10 @@ Name: sudo BuildRequires: openldap2-devel pam-devel postfix Version: 1.6.8p12 -Release: 25 +Release: 40 Autoreqprov: on Group: System/Base -License: BSD +License: BSD License and BSD-like URL: http://www.courtesan.com/sudo Summary: Execute some commands as root Source0: %{name}-%{version}.tar.bz2 @@ -84,7 +84,7 @@ --with-ignore-dot \ --with-tty-tickets \ --enable-shell-sets-home \ - --with-sudoers-mode=0640 \ + --with-sudoers-mode=0440 \ --with-pam \ --with-ldap \ --with-env-editor \ @@ -105,7 +105,7 @@ %files %defattr(-,root,root) -%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/sudoers +%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers %config %{_sysconfdir}/pam.d/sudo %doc BUGS CHANGES HISTORY LICENSE PORTING README RUNSON README.SUSE %doc TODO TROUBLESHOOTING *.pod @@ -117,6 +117,10 @@ /var/run/sudo %changelog -n sudo +* Thu Nov 30 2006 - prusnak@suse.cz +- package /etc/sudoers as 0440 [Fate#300934] +* Wed Nov 29 2006 - prusnak@suse.cz +- protect locale-related environment variables from resetting (sudoers.diff) [#222728] * Wed Oct 04 2006 - mjancar@suse.cz - enable LDAP support (#159774) * Wed Jun 14 2006 - schwab@suse.de ++++++ sudo-1.6.8p12-sudoers.diff ++++++ --- /var/tmp/diff_new_pack.JArNn2/_old 2006-12-07 21:28:53.000000000 +0100 +++ /var/tmp/diff_new_pack.JArNn2/_new 2006-12-07 21:28:53.000000000 +0100 @@ -1,6 +1,6 @@ --- sudoers +++ sudoers -@@ -13,6 +13,19 @@ +@@ -13,6 +13,20 @@ # Defaults specification @@ -9,6 +9,7 @@ +# CVE-2006-0151) +Defaults always_set_home +Defaults env_reset ++Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS" + +# In the default (unconfigured) configuration, sudo asks for the root password. +# This allows use of an ordinary user account for administration of a freshly ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org