Revisions of sudo
Ismail Dönmez (namtrac)
accepted
request 143956
from
Marcus Meissner (msmeissn)
(revision 52)
license update: ISC Look at the license file (forwarded request 143855 from babelworx)
Stephan Kulow (coolo)
accepted
request 140161
from
Marcus Meissner (msmeissn)
(revision 51)
- sudo 1.8.6p3 * Support for using the System Security Services Daemon (SSSD) as a source of sudoers data * Fixed a race condition that could cause sudo to receive SIGTTOU (and stop) when resuming a shell that was run via sudo when I/O logging (and use_pty) is not enabled. * The sudoers plugin now takes advantage of symbol visibility controls when supported by the compiler or linker. * Sending SIGTSTP directly to the sudo process will now suspend the running command when I/O logging (and use_pty) is not enabled. (forwarded request 140141 from elvigia)
Stephan Kulow (coolo)
accepted
request 139473
from
Cristian Rodríguez (elvigia)
(revision 50)
- add explicit buildrequire on groff (forwarded request 139469 from coolo)
Adrian Schröter (adrianSuSE)
committed
(revision 49)
branched from openSUSE:Factory
Stephan Kulow (coolo)
accepted
request 124895
from
Robert Milasan (rmilasan)
(revision 48)
Update to 1.8.5p2; we want this as it includes important fixes (forwarded request 124880 from vuntz)
Stephan Kulow (coolo)
accepted
request 121250
from
Marcus Meissner (msmeissn)
(revision 47)
- update to 1.8.5 Some of the changes: * /etc/environment is no longer read directly on Linux systems when PAM is used. Sudo now merges the PAM environment into the user's environment which is typically set by the pam_env module. * The plugin API has been extended * The policy plugin's init_session function is now called by the parent sudo process, not the child process that executes the command This allows the PAM session to be open and closed in the same process, which some PAM modules require. * A new group provider plugin, system_group, is included * Fixed a potential security issue in the matching of hosts against an IPv4 network specified in sudoers.The flaw may allow a user who is authorized to run commands on hosts belonging to one IPv4 network to run commands on a different host (CVE-2012-2337) (forwarded request 121223 from vitezslav_cizek)
Stephan Kulow (coolo)
accepted
request 108650
from
Vítězslav Čížek (vitezslav_cizek)
(revision 46)
- update to 1.8.4p2 Some of the changes: * The -D flag in sudo has been replaced with a more general debugging framework that is configured in sudo.conf. * Fixed a crash with sudo -i when a runas group was specified without a runas user. * New Serbian and Spanish translations for sudo from translationproject.org. LDAP-based sudoers may now access by group ID in addition to group name. * visudo will now fix the mode on the sudoers file even if no changes are made unless the -f option is specified. * On systems that use login.conf, sudo -i now sets environment variables based on login.conf * values in the LDAP search expression are now escaped as per RFC 4515 * The deprecated "noexec_file" sudoers option is no longer supported. * Fixed a race condition when I/O logging is not enabled that could result in tty-generated signals (e.g. control-C) being received by the command twice. * visudo -c will now list any include files that were checked in addition to the main sudoers file when everything parses OK. * Users that only have read-only access to the sudoers file may now run visudo -c. Previously, write permissions were required even though no writing is down in check-only mode.
Stephan Kulow (coolo)
accepted
request 102196
from
Vítězslav Čížek (vitezslav_cizek)
(revision 45)
- update to 1.8.3p2 * Fixed a format string vulnerability when the sudo binary (or a symbolic link to the sudo binary) contains printf format escapes and the -D (debugging) flag is used.
Stephan Kulow (coolo)
accepted
request 101544
from
Cristian Rodríguez (elvigia)
(revision 44)
- honour global CFLAGS and LDFLAGS when compiling sesh, to avoid rpmlint error (bnc#743157) (forwarded request 101520 from vitezslav_cizek)
Stephan Kulow (coolo)
accepted
request 98380
from
Cristian Rodríguez (elvigia)
(revision 43)
Set timedir correctly (forwarded request 98341 from a_jaeger)
Stephan Kulow (coolo)
committed
(revision 42)
replace license with spdx.org variant
Stephan Kulow (coolo)
accepted
request 89911
from
Vítězslav Čížek (vitezslav_cizek)
(revision 41)
- update to sudo-1.8.3 - Fixed expansion of strftime() escape sequences in the log_dir sudoers setting. - Esperanto, Italian and Japanese translations from translationproject.org. - Added --enable-werror configure option for gcc's -Werror flag. - Visudo no longer assumes all editors support the +linenumber command line argument. It now uses a whitelist of editors known to support the option. - Fixed matching of network addresses when a netmask is specified but the address is not the first one in the CIDR block. - The configure script now check whether or not errno.h declares the errno variable. Previously, sudo would always declare errno itself for older systems that don't declare it in errno.h. - The NOPASSWD tag is now honored for denied commands too, which matches historic sudo behavior (prior to sudo 1.7.0). - Sudo now honors the DEREF setting in ldap.conf which controls how alias dereferencing is done during an LDAP search. - A symbol conflict with the pam_ssh_agent_auth PAM module that would cause a crash been resolved. - The inability to load a group provider plugin is no longer a fatal error. - A potential crash in the utmp handling code has been fixed. - Two PAM session issues have been resolved. In previous versions of sudo, the PAM session was opened as one user and closed as another. Additionally, if no authentication was performed, the PAM session would never be closed.
Adrian Schröter (adrianSuSE)
committed
(revision 40)
Lars Vogdt (lrupp)
accepted
request 87713
from
Vítězslav Čížek (vitezslav_cizek)
(revision 39)
- updated to sudo-1.8.2 * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural language support (NLS). This can be disabled by passing configure the --disable-nls option. Sudo will use gettext(), if available, to display translated messages. All translations are coordinated via The Translation Project, http://translationproject.org/. * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of RTLD_LOCAL. This fixes missing symbol problems in PAM modules on certain platforms, such as FreeBSD and SuSE Linux Enterprise. * I/O logging is now supported for commands run in background mode (using sudo's -b flag). * Group ownership of the sudoers file is now only enforced when the file mode on sudoers allows group readability or writability. * Visudo now checks the contents of an alias and warns about cycles when the alias is expanded. * If the user specifes a group via sudo's -g option that matches the target user's group in the password database, it is now allowed even if no groups are present in the Runas_Spec. * The sudo Makefiles now have more complete dependencies which are automatically generated instead of being maintained manually. * The "use_pty" sudoers option is now correctly passed back to the sudo front end. This was missing in previous versions of sudo 1.8 which prevented "use_pty" from being honored. * "sudo -i command" now works correctly with the bash version 2.0 and higher. Previously, the .bash_profile would not be sourced prior to running the command unless bash was built with NON_INTERACTIVE_LOGIN_SHELLS defined. * When matching groups in the sudoers file, sudo will now match based on the name of the group instead of the group ID. This can substantially reduce the number of group lookups for sudoers
Sascha Peilicke (saschpe)
committed
(revision 38)
Autobuild autoformatter for 70788
Sascha Peilicke (saschpe)
accepted
request 70788
from
Petr Uzel (puzel)
(revision 37)
update to 1.8.1p2
Sascha Peilicke (saschpe)
committed
(revision 36)
Autobuild autoformatter for 64995
Sascha Peilicke (saschpe)
accepted
request 64995
from
Petr Uzel (puzel)
(revision 35)
Accepted submit request 64995 from user coolo
autobuild
committed
(revision 34)
11.4 source split
Ruediger Oertel (oertel)
committed
(revision 33)
Autobuild autoformatter for 59319
Displaying revisions 101 - 120 of 152