Hello community, here is the log from the commit of package sudo for openSUSE:11.4 checked in at Wed Sep 7 16:02:18 CEST 2011.
--------
--- old-versions/11.4/all/sudo/sudo.changes 2011-01-28 12:22:22.000000000 +0100
+++ 11.4/sudo/sudo.changes 2011-09-05 14:47:05.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Aug 29 13:18:20 UTC 2011 - puzel@suse.com
+
+- update to sudo-1.7.6p2 (bnc#681296)
+ - see /usr/share/doc/packages/sudo/NEWS
+
+-------------------------------------------------------------------
Package does not exist at destination yet. Using Fallback old-versions/11.4/all/sudo Destination is old-versions/11.4/UPDATES/all/sudo calling whatdependson for 11.4-i586
Old:
----
sudo-1.7.1-__P.diff sudo-1.7.1-defaults.diff sudo-1.7.1-env.diff sudo-1.7.1-pam_rhost.diff sudo-1.7.1-secure_path.diff sudo-1.7.1-strip.diff sudo-1.7.1-sudoers.diff sudo-1.7.2p7.tar.gz sudo-CVE-2011-0010.patch
New:
----
sudo-1.7.6p2.tar.bz2 sudo-__P.diff sudo-defaults.diff sudo-env.diff sudo-ldap.diff sudo-secure_path.diff sudo-sudoers.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sudo.spec ++++++
--- /var/tmp/diff_new_pack.PNoXud/_old 2011-09-07 16:00:49.000000000 +0200
+++ /var/tmp/diff_new_pack.PNoXud/_new 2011-09-07 16:00:49.000000000 +0200
@@ -22,23 +22,21 @@
 BuildRequires: openldap2-devel pam-devel postfix
 BuildRequires: libselinux-devel
 PreReq: coreutils
-Version: 1.7.2p7
-Release: 5
+Version: 1.7.6p2
+Release: 0.<RELEASE2>
 Group: System/Base
 License: BSD3c(or similar)
 Url: http://www.sudo.ws/
 Summary: Execute some commands as root
-Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.gz
+Source0: http://sudo.ws/sudo/dist/%{name}-%{version}.tar.bz2
 Source1: %{name}.pamd
 Source2: README.SUSE
-Patch1: %{name}-1.7.1-defaults.diff
-Patch2: %{name}-1.7.1-sudoers.diff
-Patch3: %{name}-1.7.1-__P.diff
-Patch4: %{name}-1.7.1-strip.diff
-Patch5: %{name}-1.7.1-secure_path.diff
-Patch6: %{name}-1.7.1-env.diff
-Patch7: %{name}-1.7.1-pam_rhost.diff
-Patch8: sudo-CVE-2011-0010.patch
+Patch1: %{name}-defaults.diff
+Patch2: %{name}-sudoers.diff
+Patch3: %{name}-__P.diff
+Patch5: %{name}-secure_path.diff
+Patch6: %{name}-ldap.diff
+Patch7: %{name}-env.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -63,12 +61,10 @@
 %patch1
 %patch2
 %patch3
-%patch4
 %patch5
 %patch6
 %patch7
-%patch8 -p1
-cp %{SOURCE2} .
+cp %{S:1} %{S:2} .
 %build
 %ifarch s390 s390x %sparc
@@ -80,6 +76,7 @@
 export LDFLAGS="-pie"
 %configure \
 --libexecdir=%{_libexecdir}/sudo \
+ --docdir=%{_docdir}/%{name} \
 --with-noexec=%{_libexecdir}/sudo/sudo_noexec.so \
 --with-selinux \
 --with-logfac=auth \
@@ -98,9 +95,9 @@
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
-install -d -m 700 $RPM_BUILD_ROOT%{_localstatedir}/run/sudo
+install -d -m 700 $RPM_BUILD_ROOT/var/lib/sudo
 install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
-install -m 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
+install -m 644 sudo.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/sudo
 install -m 755 sudoers2ldif $RPM_BUILD_ROOT%{_sbindir}/sudoers2ldif
 rm -f $RPM_BUILD_ROOT%{_bindir}/sudoedit
 ln -sf %{_bindir}/sudo $RPM_BUILD_ROOT%{_bindir}/sudoedit
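Review bot: The patch list in the first spec hunk drops `sudo-CVE-2011-0010.patch`, the `pam_rhost` patch and the `strip` patch, but the new changelog entry only says "update to sudo-1.7.6p2" and the 174781-line tarball diff is skipped, so nothing on the page shows that the CVE fix is still present. Presumably it is contained in the new upstream release; that should be confirmed against the upstream NEWS file and recorded. I would add changelog lines such as `- drop sudo-CVE-2011-0010.patch (fixed upstream)` plus one line per other removed patch, so an auditor can tell a deliberate removal from a lost fix.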
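Review bot: The time stamp directory is now created as a literal `/var/lib/sudo` in `%install`, yet the `%configure` arguments visible in the preceding hunk set no matching time stamp path; the rest of that invocation lies outside the hunk. If the compiled-in directory differs, the 0700 directory packaged here goes unused and sudo creates its own at run time, so confirm the configure call passes `--with-timedir=/var/lib/sudo` or that this is the build default. Time stamps kept under `/var/lib` also persist across reboots, which is worth stating next to the line, e.g. `# time stamp dir moved out of /var/run (presumably bnc#712434); tickets now survive a reboot`.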
@@ -109,13 +106,15 @@
 %post
 chmod 0440 %{_sysconfdir}/sudoers
+#bnc#712434
+rm -rf /var/run/sudo
 %clean
 rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
-%doc HISTORY LICENSE PORTING README README.LDAP README.SUSE TROUBLESHOOTING UPGRADE WHATSNEW *.pod
+%doc ChangeLog HISTORY LICENSE PORTING README README.LDAP README.SUSE TROUBLESHOOTING *.pod NEWS
 %doc %{_mandir}/man?/*
 %config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers
 %config %{_sysconfdir}/pam.d/sudo
@@ -124,8 +123,9 @@
 %dir %{_sysconfdir}/openldap/schema
 %attr(0444,root,root) %config %{_sysconfdir}/openldap/schema/sudo.schema
 %{_bindir}/sudoedit
+%{_bindir}/sudoreplay
 %{_sbindir}/*
 %{_libexecdir}/sudo
-%{_localstatedir}/run/sudo
+/var/lib/sudo
 %changelog
++++++ sudo-1.7.2p7.tar.gz -> sudo-1.7.6p2.tar.bz2 ++++++
++++ 174781 lines of diff (skipped)
++++++ sudo-__P.diff ++++++
Index: missing.h
===================================================================
--- missing.h.orig
+++ missing.h
@@ -34,6 +34,7 @@
 */
 /* Deal with ANSI stuff reasonably. */
+#undef __P
 #ifndef __P
 # if defined (__cplusplus) || defined (__STDC__)
 # define __P(args) args
++++++ sudo-defaults.diff ++++++
--- defaults.c
+++ defaults.c
@@ -430,9 +430,6 @@
 #ifdef FQDN
 def_fqdn = TRUE;
 #endif
-#ifdef USE_INSULTS
- def_insults = TRUE;
-#endif
 #ifdef ENV_EDITOR
 def_env_editor = TRUE;
 #endif
++++++ sudo-env.diff ++++++
--- sudoers2ldif
+++ sudoers2ldif
@@ -1,4 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/bin/perl
 use strict;
 #
++++++ sudo-ldap.diff ++++++
Index: configure.in
===================================================================
--- configure.in.orig
+++ configure.in
@@ -2711,7 +2711,7 @@ if test ${with_ldap-'no'} != "no"; then
 SUDO_LIBS="${SUDO_LIBS} ${LDAP_LIBS}"
 LIBS="$_LIBS"
- LDFLAGS="$_LDFLAGS"
+ LDFLAGS="${LDFLAGS} $_LDFLAGS"
 fi
 dnl
++++++ sudo-secure_path.diff ++++++
Index: pathnames.h.in
===================================================================
--- pathnames.h.in.orig
+++ pathnames.h.in
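Review bot: The new `/var/lib/sudo` entry in `%files` gets its mode only indirectly, from `%defattr(-,root,root)` and the `install -d -m 700` in `%install`. That mode is what keeps other users away from the time stamp files, so it should be pinned in the manifest the way the sudoers entry already is: `%attr(0700,root,root) %dir /var/lib/sudo`. Adding `%dir` also keeps the entry from packaging anything that might land under the directory during the build. The `%files` section continues outside this hunk.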
@@ -44,7 +44,7 @@
 #endif /* _PATH_DEVNULL */
 #ifndef _PATH_DEFPATH
-#define _PATH_DEFPATH "/usr/bin:/bin"
+#define _PATH_DEFPATH "/usr/bin:/bin:/usr/sbin:/sbin"
 #endif /* _PATH_DEFPATH */
 #ifndef _PATH_STDPATH
Index: env.c
===================================================================
--- env.c.orig
+++ env.c
@@ -756,7 +756,7 @@ rebuild_env(noexec)
 }
 }
 /* Replace the PATH envariable with a secure one? */
- if (def_secure_path && !user_is_exempt()) {
+ if (def_secure_path && !user_is_exempt() && def_env_reset) {
 sudo_setenv("PATH", def_secure_path, TRUE);
 SET(didvar, DID_PATH);
 }
++++++ sudo-sudoers.diff ++++++
Index: sudoers.in
===================================================================
--- sudoers.in.orig
+++ sudoers.in
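Review bot: With the added `&& def_env_reset` in the env.c hunk, `secure_path` is skipped whenever an administrator sets `!env_reset`, so the invoking user's PATH would reach the command run as root; the rest of `rebuild_env` is outside the hunk, so whether another branch still replaces PATH cannot be confirmed here. The sudoers.in shipped by this same commit tells administrators to switch to `!env_reset` to keep all environment variables and does not mention that PATH sanitising goes away with it. If the coupling is intended, document it at the condition, e.g. `/* SUSE: secure_path applies only together with env_reset; with !env_reset the caller's PATH is kept */`, and repeat the caveat in the sudoers comment. Otherwise keep `secure_path` independent of `env_reset`, as the original condition did.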
@@ -1,90 +1,51 @@
-## sudoers file.
-##
-## This file MUST be edited with the 'visudo' command as root.
-## Failure to use 'visudo' may result in syntax or file permission errors
-## that prevent sudo from running.
-##
-## See the sudoers man page for the details on how to write a sudoers file.
-##
-
-##
-## Host alias specification
-##
-## Groups of machines. These may include host names (optionally with wildcards),
-## IP addresses, network numbers or netgroups.
-# Host_Alias WEBSERVERS = www1, www2, www3
-
-##
-## User alias specification
-##
-## Groups of users. These may consist of user names, uids, Unix groups,
-## or netgroups.
-# User_Alias ADMINS = millert, dowdy, mikef
-
-##
-## Cmnd alias specification
-##
-## Groups of commands. Often used to group related commands together.
-# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
-# /usr/bin/pkill, /usr/bin/top
-
-##
-## Defaults specification
-##
-## You may wish to keep some of the following environment variables
-## when running commands via sudo.
-##
-## Locale settings
-# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
-##
-## Run X applications through sudo; HOME is used to find the
-## .Xauthority file. Note that other programs use HOME to find
-## configuration files and this may lead to privilege escalation!
-# Defaults env_keep += "HOME"
-##
-## X11 resource path settings
-# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
-##
-## Desktop path settings
-# Defaults env_keep += "QTDIR KDEDIR"
-##
-## Allow sudo-run commands to inherit the callers' ConsoleKit session
-# Defaults env_keep += "XDG_SESSION_COOKIE"
-##
-## Uncomment to enable special input methods. Care should be taken as
-## this may allow users to subvert the command being run via sudo.
-# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
-##
-## Uncomment to enable logging of a command's output, except for
-## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
-# Defaults log_output
-# Defaults!/usr/bin/sudoreplay !log_output
-# Defaults!/usr/local/bin/sudoreplay !log_output
-# Defaults!/sbin/reboot !log_output
-
-##
-## Runas alias specification
-##
-
-##
-## User privilege specification
-##
+# sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+# Failure to use 'visudo' may result in syntax or file permission errors
+# that prevent sudo from running.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+#
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# Defaults specification
+
+# Prevent environment variables from influencing programs in an
+# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+Defaults env_reset
+# Change env_reset to !env_reset in previous line to keep all environment variables
+# Following list will no longer be necessary after this change
+
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+# Comment out the preceding line and uncomment the following one if you need
+# to use special input methods. This may allow users to compromise the root
+# account if they are allowed to run commands without authentication.
+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
+
+# In the default (unconfigured) configuration, sudo asks for the root password.
+# This allows use of an ordinary user account for administration of a freshly
+# installed system. When configuring sudo, delete the two
+# following lines:
+Defaults targetpw # ask for the password of the target user i.e. root
+ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
+
+# Runas alias specification
+
+# User privilege specification
 root ALL=(ALL) ALL
-## Uncomment to allow members of group wheel to execute any command
+# Uncomment to allow people in group wheel to run all commands
 # %wheel ALL=(ALL) ALL
-## Same thing without a password
+# Same thing without a password
 # %wheel ALL=(ALL) NOPASSWD: ALL
-## Uncomment to allow members of group sudo to execute any command
-# %sudo ALL=(ALL) ALL
-
-## Uncomment to allow any user to run sudo if they know the password
-## of the user they are running the command as (root by default).
-# Defaults targetpw # Ask for the password of the target user
-# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
-
-## Read drop-in files from @sysconfdir@/sudoers.d
-## (the '#' here does not indicate a comment)
-#includedir @sysconfdir@/sudoers.d
+# Samples
+# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
+# %users localhost=/sbin/shutdown -h now
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
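Review bot: The shipped default now enables `ALL ALL=(ALL) ALL` for every account, and its safety rests entirely on `Defaults targetpw` staying in force; the only warning is a trailing comment on the rule itself. If `targetpw` is removed or negated, globally or in a per-user `Defaults` line, while the rule stays, every local user can run any command as root with their own password. I would put the warning on its own line above the pair, e.g. `# The next two lines belong together: never keep the ALL rule without 'Defaults targetpw'.` The hunk also drops the `#includedir @sysconfdir@/sudoers.d` line, so drop-in files would no longer be read; confirm that is intended and mention it in the changelog.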