
sudo-1.9.7p2-1.3 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: sudo
Distribution: openSUSE Tumbleweed
Version: 1.9.7p2
Vendor: openSUSE
Release: 1.3
Build date: Sun Sep 5 09:16:37 2021
Group: System/Base
Build host: obs-arm-10
Size: 6438070
Source RPM: sudo-1.9.7p2-1.3.src.rpm
Summary: Execute some commands as root

Sudo is a command that allows users to execute some commands as root.
The /etc/sudoers file (edited with 'visudo') specifies which users have
access to sudo and which commands they can run. Sudo logs all its
activities to syslogd, so the system administrator can keep an eye on
things. Sudo asks for the password for initializing a check period of a
given time N (where N is defined at installation and is set to 5
minutes by default).






* Fri Jul 30 2021 peter czanik <>
  - update to 1.9.7p2
  - enabled openssl support for secure central session
    recording collection (without it, it's clear text)
  - fixed SLES12 build
    * When formatting JSON output, octal numbers are now stored as
    strings, not numbers.  The JSON spec does not actually support
    octal numbers with a '0' prefix.
    * Fixed a compilation issue on Solaris 9.
    * Sudo now can handle the getgroups() function returning a different
    number of groups for subsequent invocations.  GitHub PR #106.
    * When loading a Python plugin, now verifies
    that the module loaded matches the one we tried to load.  This
    allows sudo to display a more useful error message when trying
    to load a plugin with a name that conflicts with a Python module
    installed in the system location.
    * Sudo no longer sets the open files resource limit to "unlimited"
    while it runs.  This avoids a problem where sudo's closefrom()
    emulation would need to close a very large number of descriptors
    on systems without a way to determine which ones are actually open.
    * Sudo now includes a configure check for va_copy or __va_copy and
    only defines its own version if the configure test fails.
    * Fixed a bug in sudo's utmp file handling which prevented old
    entries from being reused.  As a result, the utmp (or utmpx)
    file was appended to unnecessarily.  GitHub PR #108.
    * Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
    from accepting TLS connections when OpenSSL is used.  Bug #988.
    * Fixed an SELinux sudoedit bug when the edited temporary file
    could not be opened.  The sesh helper would still be run even
    when there are no temporary files available to install.
    * Fixed a compilation problem on FreeBSD.
    * The file is now built as a module on all systems
    other than macOS.  This makes it possible to use other libtool
    implementations such as slibtool.  On macOS shared libraries and
    modules are not interchangeable and the version of libtool shipped
    with sudo must be used.
    * Fixed a few bugs in the getgrouplist() emulation on Solaris when
    reading from the local group file.
    * Fixed a bug in sudo_logsrvd that prevented periodic relay server
    connection retries from occurring in "store_first" mode.
    * Disabled the nss_search()-based getgrouplist() emulation on HP-UX
    due to a crash when the group source is set to "compat" in
    /etc/nsswitch.conf.  This is probably due to a mismatch between
    include/compat/nss_dbdefs.h and what HP-UX uses internally.  On
    HP-UX we now just cycle through groups the slow way using
    getgrent().  Bug #978.
* Mon Jul 12 2021 Yaroslav Kurlaev <>
  - Fix LC_TIME incorrectly named LC_ATIME
* Wed May 12 2021 Kristyna Streitova <>
  - update to 1.9.7
    * The "fuzz" Makefile target now runs all the fuzzers for 8192
      passes (can be overridden via the FUZZ_RUNS variable).  This makes
      it easier to run the fuzzers in-tree.  To run a fuzzer indefinitely,
      set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
    * Fixed fuzzing on FreeBSD where the ld.lld linker returns an
      error by default when a symbol is multiply-defined.
    * Added support for determining local IPv6 addresses on systems
      that lack the getifaddrs() function.  This now works on AIX,
      HP-UX and Solaris (at least).  Bug #969.
    * Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
      report a usage error.  Also, when invoked as sudoedit, sudo now
      allows a more restricted set of options that matches the usage
      statement and documentation.  GitHub issue #95.
    * Fixed a crash in sudo_sendlog when the specified certificate
      or key does not exist or is invalid.  Bug #970.
    * Fixed a compilation error when sudo is configured with the
      --disable-log-client option.
    * Sudo's limited support for SUCCESS=return entries in nsswitch.conf
      is now documented.  Bug #971.
    * Sudo now requires autoconf 2.70 or higher to regenerate the
      configure script.  Bug #972.
    * sudo_logsrvd now has a relay mode which can be used to create
      a hierarchy of log servers.  By default, when a relay server is
      defined, messages from the client are forwarded immediately to
      the relay.  However, if the "store_first" setting is enabled,
      the log will be stored locally until the command completes and
      then relayed.  Bug #965.
    * Sudo now links with OpenSSL by default if it is available unless
      the --disable-openssl configure option is used or both the
      --disable-log-client and --disable-log-server configure options
      are specified.
    * Fixed configure's Python version detection when the version minor
      number is more than a single digit, for example Python 3.10.
    * The sudo Python module tests now pass for Python 3.10.
    * Sudo will now avoid changing the datasize resource limit
      as long as the existing value is at least 1GB.  This works around
      a problem on 64-bit HP-UX where it is not possible to exactly
      restore the original datasize limit.  Bug #973.
    * Fixed a race condition that could result in a hang when sudo is
      executed by a process where the SIGCHLD handler is set to SIG_IGN.
      This fixes the bug described by GitHub PR #98.
    * Fixed an out-of-bounds read in sudoedit and visudo when the
      EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
      unescaped backslash.  Also fixed the handling of quote characters
      that are escaped by a backslash.  GitHub issue #99.
    * Fixed a bug that prevented the "log_server_verify" sudoers option
      from taking effect.
    * The sudo_sendlog utility has a new -s option to cause it to stop
      sending I/O records after a user-specified elapsed time.  This
      can be used to test the I/O log restart functionality of sudo_logsrvd.
    * Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
      attempting to restart an interrupted I/O log transfer.
    * The TLS connection timeout in the sudoers log client was previously
      hard-coded to 10 seconds.  It now uses the value of log_server_timeout.
    * The configure script now outputs a summary of the user-configurable
      options at the end, separate from output of configure script tests.
      Bug #820.
    * Corrected the description of which groups may be specified via the
      -g option in the Runas_Spec section.  Bug #975.
* Sat Mar 20 2021 Dirk Müller <>
  - update to 1.9.6p1
    * Fixed a regression introduced in sudo 1.9.6 that resulted in an
    error message instead of a usage message when sudo is run with
    no arguments.
    * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
    * Fixed a regression introduced in sudo 1.9.4 where the
    --disable-root-mailer configure option had no effect.
    * Added a --disable-leaks configure option that avoids some
    memory leaks on exit that would otherwise occur.  This is intended
    to be used with development tools that measure memory leaks.  It
    is not safe to use in production at this time.
    * Plugged some memory leaks identified by oss-fuzz and ASAN.
    * Fixed the handling of sudoOptions for an LDAP sudoRole that
    contains multiple sudoCommands.  Previously, some of the options
    would only be applied to the first sudoCommand.
    * Fixed a potential out of bounds read in the parsing of NOTBEFORE
    and NOTAFTER sudoers command options (and their LDAP equivalents).
    * The parser used for reading I/O log JSON files is now more
    resilient when processing invalid JSON.
    * Fixed typos that prevented "make uninstall" from working.
    * Fixed a regression introduced in sudo 1.9.4 where the last line
    in a sudoers file might not have a terminating NUL character
    added if no newline was present.
    * Integrated oss-fuzz and LLVM's libFuzzer with sudo.  The new
    --enable-fuzzer configure option can be combined with the
    --enable-sanitizer option to build sudo with fuzzing support.
    Multiple fuzz targets are available for fuzzing different parts
    of sudo.  Fuzzers are built and tested via "make fuzz" or as part
    of "make check" (even when sudo is not built with fuzzing support).
    Fuzzing support currently requires the LLVM clang compiler (not gcc).
    * Fixed the --enable-static-sudoers configure option.
    * Fixed a potential out of bounds read when sudo is run by a user
    with more groups than the value of "max_groups" in sudo.conf.
    * Added an "admin_flag" sudoers option to make the use of the
    ~/.sudo_as_admin_successful file configurable on systems where
    sudo is built with the --enable-admin-flag configure option.
    This mostly affects Ubuntu and its derivatives.
    * The "max_groups" setting in sudo.conf is now limited to 1024.
    This setting is obsolete and should no longer be needed.
    * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir"
    sudoers command options.  A path "~/foo" was expanded to
    "/home/userfoo" instead of "/home/user/foo".  This also affects
    the runchroot and runcwd Defaults settings.
    * Fixed a bug on systems without a native getdelim(3) function
    where very long lines could cause parsing of the sudoers file
    to end prematurely.
    * Fixed a potential integer overflow when converting the
    timestamp_timeout and passwd_timeout sudoers settings to a
    timespec struct.
    * The default for the "group_source" setting in sudo.conf is now
    "dynamic" on macOS.  Recent versions of macOS do not reliably
    return all of a user's non-local groups via getgroups(2), even
    when _DARWIN_UNLIMITED_GETGROUPS is defined.
    * Fixed a potential use-after-free in the PAM conversation function.
    * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.
* Wed Jan 27 2021 Simon Lees <>
  - Update to 1.9.5.p2
    * When invoked as sudoedit, the same set of command line
      options are now accepted as for sudo -e. The -H and -P
      options are now rejected for sudoedit and sudo -e which
      matches the sudo 1.7 behavior. This is part of the fix for
    * Fixed a potential buffer overflow when unescaping backslashes
      in the command's arguments. Normally, sudo escapes special
      characters when running a command via a shell (sudo -s or
      sudo -i). However, it was also possible to run sudoedit with
      the -s or -i flags in which case no escaping had actually
      been done, making a buffer overflow possible.
      This fixes CVE-2021-3156. (bsc#1181090)
    * Fixed sudo's setprogname(3) emulation on systems that don't
      provide it.
    * Fixed a problem with the sudoers log server client where a
      partial write to the server could result in the sudo process
      consuming large amounts of CPU time due to a cycle in the
      buffer queue. Bug #954.
    * Added a missing dependency on libsudo_util in libsudo_eventlog.
      Fixes a link error when building sudo statically.
    * The user's KRB5CCNAME environment variable is now preserved
      when performing PAM authentication. This fixes GSSAPI
      authentication when the user has a non-default ccache.
* Thu Jan 14 2021 Kristyna Streitova <>
  - Update to 1.9.5.p1
    * Fixed a regression introduced in sudo 1.9.5 where the editor run
      by sudoedit was set-user-ID root unless SELinux RBAC was in use.
      The editor is now run with the user's real and effective user-IDs.
  - News in 1.9.5
    * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
      unknown user.  This is related to but distinct from Bug #948.
    * If the "lecture_file" setting is enabled in sudoers, it must now
      refer to a regular file or a symbolic link to a regular file.
    * Fixed a potential use-after-free bug in sudo_logsrvd when the
      server shuts down if there are existing connections from clients
      that are only logging events and not session I/O data.
    * Fixed a buffer size mismatch when serializing the list of IP
      addresses for configured network interfaces.  This bug is not
      actually exploitable since the allocated buffer is large enough
      to hold the list of addresses.
    * If sudo is executed with a name other than "sudo" or "sudoedit",
      it will now fall back to "sudo" as the program name.  This affects
      warning, help and usage messages as well as the matching of Debug
      lines in the /etc/sudo.conf file.  Previously, it was possible
      for the invoking user to manipulate the program name by setting
      argv[0] to an arbitrary value when executing sudo. (bsc#1180687)
    * Sudo now checks for failure when setting the close-on-exec flag
      on open file descriptors.  This should never fail but, if it
      were to, there is the possibility of a file descriptor leak to
      a child process (such as the command sudo runs).
    * Fixed CVE-2021-23239, a potential information leak in sudoedit
      that could be used to test for the existence of directories not
      normally accessible to the user in certain circumstances.  When
      creating a new file, sudoedit checks to make sure the parent
      directory of the new file exists before running the editor.
      However, a race condition exists if the invoking user can replace
      (or create) the parent directory.  If a symbolic link is created
      in place of the parent directory, sudoedit will run the editor
      as long as the target of the link exists.  If the target of the
      link does not exist, an error message will be displayed.  The
      race condition can be used to test for the existence of an
      arbitrary directory.  However, it _cannot_ be used to write to
      an arbitrary location. (bsc#1180684)
    * Fixed CVE-2021-23240, a flaw in the temporary file handling of
      sudoedit's SELinux RBAC support.  On systems where SELinux is
      enabled, a user with sudoedit permissions may be able to set the
      owner of an arbitrary file to the user-ID of the target user.
      On Linux kernels that support "protected symlinks", setting
      /proc/sys/fs/protected_symlinks to 1 will prevent the bug from
      being exploited.  For more information see (bsc#1180685)
    * Added writability checks for sudoedit when SELinux RBAC is in use.
      This makes sudoedit behavior consistent regardless of whether
      or not SELinux RBAC is in use.  Previously, the "sudoedit_checkdir"
      setting had no effect for RBAC entries.
    * A new sudoers option "selinux" can be used to disable sudo's
      SELinux RBAC support.
    * Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
      Added suppression annotations for PVS Studio false positives.
* Mon Dec 21 2020 Kristyna Streitova <>
  - Update to 1.9.4p2
    * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
      if the sudoers file contains a runas user-specific Defaults entry.
      Bug #951.
  - News in 1.9.4p1
    * Fixed a regression introduced in version 1.9.4 where sudo would
      not build when configured using the --without-sendmail option.
      Bug #947.
    * Fixed a problem where if I/O logging was disabled and sudo was
      unable to connect to sudo_logsrvd, the command would still be
      allowed to run even when the "ignore_logfile_errors" sudoers
      option was enabled.
    * Fixed a crash introduced in version 1.9.4 when attempting to run
      a command as a non-existent user.  Bug #948.
    * The installed sudo.conf file now has the default sudoers Plugin
      lines commented out.  This fixes a potential conflict when there
      is both a system-installed version of sudo and a user-installed
      version.  GitHub issue #75.
    * Fixed a regression introduced in sudo 1.9.4 where sudo would run
      the command as a child process even when a pseudo-terminal was
      not in use and the "pam_session" and "pam_setcred" options were
      disabled.  GitHub issue #76.
    * Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
      sudoers option could not be set to a value of 3.  Bug #950.
* Mon Nov 30 2020 Kristyna Streitova <>
  - Update to 1.9.4
    * The sudoers parser will now detect when an upper-case reserved
      word is used when declaring an alias.  Now instead of "syntax
      error, unexpected CHROOT, expecting ALIAS" the message will be
      "syntax error, reserved word CHROOT used as an alias name".
      Bug #941.
    * Better handling of sudoers files without a final newline.
      The parser now adds a newline at end-of-file automatically which
      removes the need for special cases in the parser.
    * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end
      where an uninitialized pointer could be freed on an error path.
      GitHub issue #67.
    * The core logging code is now shared between sudo_logsrvd and
      the sudoers plugin.
    * JSON log entries sent to syslog now use "minimal" JSON which
      skips all non-essential whitespace.
    * The sudoers plugin can now produce JSON-formatted logs.  The
      "log_format" sudoers option can be used to select sudo or json
      format logs.  The default is sudo format logs.
    * The sudoers plugin and visudo now display the column number in
      syntax error messages in addition to the line number.  Bug #841.
    * If I/O logging is not enabled but "log_servers" is set, the
      sudoers plugin will now log accept events to sudo_logsrvd.
      Previously, the accept event was only sent when I/O logging was
      enabled.  The sudoers plugin now sends reject and alert events too.
    * The sudo logsrv protocol has been extended to allow an AlertMessage
      to contain an optional array of InfoMessage, as AcceptMessage
      and RejectMessage already do.
    * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result
      in duplicate entries in the debug log when debugging was enabled.
    * The visudo utility now supports EDITOR environment variables
      that use single or double quotes in the command arguments.
      Bug #942.
    * The PAM session modules now run when sudo is set-user-ID root,
      which allows a module to determine the original user-ID.
      Bug #944.
    * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end
      where sudoNotBefore and sudoNotAfter were applied even when the
      SUDOERS_TIMED setting was not present in ldap.conf.  Bug #945.
    * Sudo packages for macOS 11 now contain universal binaries that
      support both Intel and Apple Silicon CPUs.
    * For sudo_logsrvd, an empty value for the "pid_file" setting in
      sudo_logsrvd.conf will now disable the process ID file.
  - Remove sudo-1.9.3p1-pam_xauth.patch (upstreamed)
* Fri Nov 13 2020 Kristyna Streitova <>
  - Update to 1.9.3p1
    * Fixed a regression introduced in sudo 1.9.3 where the configure
      script would not detect the crypt(3) function if it was present
      in the C library, not an additional library.
    * Fixed a regression introduced in sudo 1.8.23 with shadow passwd
      file authentication on OpenBSD.  BSD authentication was not
    * Sudo now logs when a user-specified command-line option is
      rejected by a sudoers rule.  Previously, these conditions were
      written to the audit log, but not the default sudo log file.  Affected
      command line arguments include -C (--close-from), -D (--chdir),
      -R (--chroot), -g (--group) and -u (--user).
  - News in 1.9.3
    * Fixed building the Python plugin on systems with a compiler that
      doesn't support symbol hiding.
    * Sudo now uses a linker script to hide symbols even when the
      compiler has native symbol hiding support.  This should make it
      easier to detect omissions in the symbol exports file, regardless
      of the platform.
    * Fixed the libssl dependency in Debian packages for older releases
      that use libssl1.0.0.
    * Sudo and visudo now provide more detailed messages when a syntax
      error is detected in sudoers.  The offending line and token are
      now displayed.  If the parser was generated by GNU bison,
      additional information about what token was expected is also
      displayed.  Bug #841.
    * Sudoers rules must now end in either a newline or the end-of-file.
      Previously, it was possible to have multiple rules on a single
      line, separated by white space.  The use of an end-of-line
      terminator makes it possible to display accurate error messages.
    * Sudo no longer refuses to run if a syntax error in the sudoers
      file is encountered.  The entry with the syntax error will be
      discarded and sudo will continue to parse the file.  This makes
      recovery from a syntax error less painful on systems where sudo
      is the primary method of superuser access.  The historic behavior
      can be restored by adding "error_recovery=false" to the sudoers
      plugin's optional arguments in sudo.conf.  Bug #618.
    * Fixed the sample_approval plugin's symbol exports file for systems
      where the compiler doesn't support symbol hiding.
    * Fixed a regression introduced in sudo 1.9.1 where arguments to
      the "sudoers_policy" plugin in sudo.conf were not being applied.
      The sudoers file is now parsed by the "sudoers_audit" plugin,
      which is loaded implicitly when "sudoers_policy" is listed in
      sudo.conf.  Starting with sudo 1.9.3, if there are plugin arguments
      for "sudoers_policy" but "sudoers_audit" is not listed, those
      arguments will be applied to "sudoers_audit" instead.
    * The user's resource limits are now passed to sudo plugins in
      the user_info[] list.  A plugin cannot determine the limits
      itself because sudo changes the limits while it runs to prevent
      resource starvation.
    * It is now possible to set the working directory or change the
      root directory on a per-command basis using the CWD and CHROOT
      options.  There are also new Defaults settings, runchroot and
      runcwd, that can be used to set the working directory or root
      directory on a more global basis.
    * New -D (--chdir) and -R (--chroot) command line options can be
      used to set the working directory or root directory if the sudoers
      file allows it.  This functionality is not enabled by default
      and must be explicitly enabled in the sudoers file.
  - add sudo-1.9.3p1-pam_xauth.patch to stay setuid until just before
    executing the command. Fixes a problem with pam_xauth which
    checks effective and real uids to get the real identity of the
    user [bsc#1174593]
* Mon Sep 07 2020 Marco Varlese <>
  - Modified the secure_path to include the other two default paths
    which are commonly available to $user. This will offer a better
    and more consistent UX.
* Tue Aug 25 2020
  - This rpm package decides about the permissions of /etc/sudoers.d
* Fri Jul 24 2020 Paolo Stivanin <>
  - Update to 1.9.2:
    * The configure script now uses pkg-config to find the openssl cflags
      and libs where possible.
    * The contents of the log.json I/O log file is now documented in
      the sudoers manual.
    * The sudoers plugin now properly exports the sudoers_audit symbol
      on systems where the compiler lacks symbol visibility controls.
      This caused a regression in 1.9.1 where a successful sudo command
      was not logged due to the missing audit plugin. Bug #931.
    * Fixed a regression introduced in 1.9.1 that can result in a crash
      when there is a syntax error in the sudoers file. Bug #934.
  - Rebase sudo-sudoers.patch
* Mon Jun 29 2020 Thorsten Kukuk <>
  - Move python plugin support to own sub-package, we don't want
    python in a really minimal system [bsc#1173200]
* Fri Jun 19 2020 Vítězslav Čížek <>
  - Update to 1.9.1
    * Fixed an AIX-specific problem when I/O logging was enabled.
      The terminal device was not being properly set to raw mode.
      Bug #927.
    * Corrected handling of sudo_logsrvd connections without associated
      I/O log data.  This fixes support for RejectMessage as well as
      AcceptMessage when the expect_iobufs flag is not set.
    * Added an "iolog_path" entry to the JSON-format event log produced
      by sudo_logsrvd.  Previously, it was only possible to determine
      the I/O log file an event belonged to using sudo-format logs.
    * Fixed the bundle IDs for sudo-logsrvd and sudo-python macOS packages.
    * I/O log files produced by the sudoers plugin now clear the write
      bits on the I/O log timing file when the log is complete.  This
      is consistent with how sudo_logsrvd indicates that a log is
    * The sudoreplay utility has a new "-F" (follow) command line
      option to allow replaying a session that is still in progress,
      similar to "tail -f".
    * The @include and @includedir directives can be used in sudoers
      instead of #include and #includedir.  In addition, include paths
      may now have embedded white space by either using a double-quoted
      string or escaping the space characters with a backslash.
    * When running a command in a pty, sudo will no longer try to
      suspend itself if the user's tty has been revoked (for instance
      when the parent ssh daemon is killed).  This fixes a bug where
      sudo would continuously suspend the command (which would succeed),
      then suspend itself (which would fail due to the missing tty)
      and then resume the command.
    * If sudo's event loop fails due to the tty being revoked, remove
      the user's tty events and restart the event loop (once).  This
      fixes a problem when running "sudo reboot" in a pty on some
      systems.  When the event loop exited unexpectedly, sudo would
      kill the command running in the pty, which in the case of "reboot",
      could lead to the system being in a half-rebooted state.
    * Fixed a regression introduced in sudo 1.8.23 in the LDAP and
      SSSD back-ends where a missing sudoHost attribute was treated
      as an "ALL" wildcard value.  A sudoRole with no sudoHost attribute
      is now ignored as it was prior to version 1.8.23.
    * The audit plugin API has been changed slightly.  The sudo front-end
      now audits an accept event itself after all approval plugins are
      run and the I/O logging plugins (if any) are opened.  This makes
      it possible for an audit plugin to only log a single overall
      accept event if desired.
    * The sudoers plugin can now be loaded as an audit plugin.  Logging
      of successful commands is now performed in the audit plugin's
      accept function.  As a result, commands are now only logged if
      allowed by sudoers and all approval plugins.  Commands rejected
      by an approval plugin are now also logged by the sudoers plugin.
    * Romanian translation for sudo and sudoers from
    * Fixed a regression introduced in sudo 1.9.0 where sudoedit did
      not remove its temporary files after installing them.  Bug #929.
    * Fixed a regression introduced in sudo 1.9.0 where the iolog_file
      setting in sudoers and sudo_logsrvd.conf caused an error if the
      file name ended in six or more X's.
* Mon May 18 2020 Kristyna Streitova <>
  - Update to 1.9.0 (current stable release)
    * for changes between version 1.9.0 and 1.8.31p1 see rc changes
* Mon May 11 2020 Kristyna Streitova <>
  - Update to 1.9.0rc5
    * The default TLS listener is now only enabled when either the
      TLS certificate file is explicitly specified in sudo_logsrvd.conf
      or the default TLS certificate file exists in the file system.
      There is no change in behavior for listen_address entries
      explicitly set in the configuration file.
* Thu May 07 2020 Kristyna Streitova <>
  - Update to 1.9.0rc4
    * Various spelling fixes. Bug #925.
    * The struct passwd passed to PAM session modules is now looked up
      by user name, not user-ID, when possible. Fixes a problem with
      the pam_limits module and configurations where multiple user names
      share the same ID. Debian bug #734752.
    * Sudo command line options that take a value may only be specified
      once. This is to help guard against problems caused by poorly
      written scripts that invoke sudo with user-controlled input. Bug #924.
* Wed May 06 2020 Kristyna Streitova <>
  - Update to 1.9.0rc3
    * The sudo-logsrvd package now installs a systemd service on Linux
      distros that use systemd.
    * The I/O plugin is now closed before the policy plugin on command
    * When copying the edited files to the original path, sudoedit now
      allocates any additional space needed before writing. Previously,
      it could truncate the destination file if the file system was
      full. Bug #922.
    * Fixed a compilation issue with Python 3.8.
    * Changed how TLS connections are made to the log server. Instead
      of using a starttls type approach where TLS and plaintext
      connections share the same point we now use separate ports for
      plaintext and TLS connections. A (tls) flag can be specified after
      the host:port to indicate that the connection should be secured
      with TLS. This avoids a potential man-in-the-middle attack that
      could cause the connection to be forced into plaintext mode.
      Unfortunately, this change breaks compatibility with the
      previous release candidates.
* Fri Apr 17 2020 Kristyna Streitova <>
  - build with enable-python to support python plugins
* Fri Apr 17 2020 Kristyna Streitova <>
  - Update to 1.9.0rc2
    * Fixed a test failure in the strsig_test regress test on FreeBSD.
    * Sudo now includes a logging daemon, sudo_logsrvd, which can be
      used to implement centralized logging of I/O logs.  TLS connections
      are supported when sudo is configured with the --enable-openssl
      option.  For more information, see the sudo_logsrvd, logsrvd.conf
      and sudo_logsrv.proto manuals as well as the log_servers setting
      in the sudoers manual.
      The --disable-log-server and --disable-log-client configure
      options can be used to disable building the I/O log server and/or
      remote I/O log support in the sudoers plugin.
    * The new sudo_sendlog utility can be used to test sudo_logsrvd
      or send existing sudo I/O logs to a centralized server.
    * It is now possible to write sudo plugins in Python 3 when sudo
      is configured with the --enable-python option.  See the manual for details.
      Sudo 1.9.0 comes with several Python example plugins that get
      installed in sudo's examples directory.
      The sudo blog article "What's new in sudo 1.9: Python"
      includes a simple tutorial on writing python plugins.
    * Sudo now supports an "audit" plugin type.  An audit plugin
      receives accept, reject, exit and error messages and can be used
      to implement custom logging that is independent of the underlying
      security policy.   Multiple audit plugins may be specified in
      the sudo.conf file.  A sample audit plugin is included that
      writes logs in JSON format.
    * Sudo now supports an "approval" plugin type.  An approval plugin
      is run only after the main security policy (such as sudoers) accepts
      a command to be run.  The approval policy may perform additional
      checks, potentially interacting with the user.  Multiple approval
      plugins may be specified in the sudo.conf file.  Only if all
      approval plugins succeed will the command be allowed.
    * Sudo's -S command line option now causes the sudo conversation
      function to write to the standard output or standard error instead
      of the terminal device.
    * It is now possible to use "Cmd_Alias" instead of "Cmnd_Alias" for
      people who find the former more natural.
    * The new "pam_ruser" and "pam_rhost" sudoers settings can be used
      to enable or disable setting the PAM remote user and/or host
      values during PAM session setup.
    * More than one SHA-2 digest may now be specified for a single
      command.  Multiple digests must be separated by a comma.
    * It is now possible to specify a SHA-2 digest in conjunction with
      the "ALL" reserved word in a command specification.  This allows
      one to give permission to run any command that matches the
      specified digest, regardless of its path.
    * Sudo and sudo_logsrvd now create an extended I/O log info file
      in JSON format that contains additional information about the
      command that was run, such as the host name.  The sudoreplay
      utility uses this file in preference to the legacy log file.
    * The sudoreplay utility can now match on a host name in list mode.
      The list output also now includes the host name if one is present
      in the log file.
    * For "sudo -i", if the target user's home directory does not
      exist, sudo will now warn about the problem but run the command
      in the current working directory.  Previously, this was a fatal
      error.  Debian bug #598519.
    * The command line arguments in the SUDO_COMMAND environment
      variable are now truncated at 4096 characters.  This avoids an
      "Argument list too long" error when executing a command with a
      large number of arguments.  Debian bug #596631.
    * Sudo now properly ends the PAM transaction when the user
      authenticates successfully but sudoers denies the command.
      Debian bug #669687.
    * The sudoers grammar in the manual now indicates that "sudoedit"
      requires one or more arguments.  Debian bug #571621.
  - Pack /usr/sbin/{sudo_logsrvd,sudo_sendlog} binaries and their
  - Pack /usr/lib/sudo/sudo/{,} plugins
  - Pack /etc/sudo.conf and /etc/sudo_logsrvd.conf configuration files
  - Run spec-cleaner
* Tue Mar 17 2020 Paolo Stivanin <>
  - Update to 1.8.31p1
    * Sudo once again ignores a failure to restore the RLIMIT_CORE
      resource limit, as it did prior to version 1.8.29.
      Linux containers don't allow RLIMIT_CORE to be set back to
      RLIM_INFINITY if we set the limit to zero, even for root,
      which resulted in a warning from sudo.
* Thu Feb 06 2020 Kristyna Streitova <>
  - Update to 1.8.31
    Major changes between version 1.8.31 and 1.8.30:
    * This version fixes a potential security issue that can lead to
      a buffer overflow if the pwfeedback option is enabled in
      sudoers [CVE-2019-18634] [bsc#1162202]
    * The sudoedit_checkdir option now treats a user-owned directory
      as writable, even if it does not have the write bit set at the
      time of check. Symbolic links will no longer be followed by
      sudoedit in any user-owned directory. Bug #912.
    * Fixed a crash introduced in sudo 1.8.30 when suspending sudo
      at the password prompt. Bug #914.
    * Fixed compilation on systems where the mmap MAP_ANON flag is
      not available. Bug #915.
    Major changes between version 1.8.30 and 1.8.29:
    * Sudo now closes file descriptors before changing uids. This
      prevents a non-root process from interfering with sudo's ability
      to close file descriptors on systems that support the prlimit(2)
      system call.
    * Sudo now treats an attempt to run sudo sudoedit as simply
      sudoedit. If the sudoers file contains a fully-qualified path
      to sudoedit, sudo will now treat it simply as sudoedit
      (with no path). Visudo will now treat a fully-qualified
      path to sudoedit as an error. Bug #871.
    * Fixed a bug introduced in sudo 1.8.28 where sudo would warn
      about a missing /etc/environment file on AIX and Linux when
      PAM is not enabled. Bug #907.
    * Fixed a bug on Linux introduced in sudo 1.8.29 that prevented
      the askpass program from running due to an unlimited stack size
      resource limit. Bug #908.
    * If a group provider plugin has optional arguments, the argument
      list passed to the plugin is now NULL terminated as per the
    * The user's time stamp file is now only updated if both authentication
      and approval phases succeed. This is consistent with the behavior
      of sudo prior to version 1.8.23. Bug #910.
    * The new allow_unknown_runas_id sudoers setting can be used to
      enable or disable the use of unknown user or group IDs.
      Previously, sudo would always allow unknown user or group IDs if
      the sudoers entry permitted it, including via the ALL alias.
      As of sudo 1.8.30, the admin must explicitly enable support for
      unknown IDs.
    * The new runas_check_shell sudoers setting can be used to require
      that the runas user have a shell listed in the /etc/shells file.
      On many systems, users such as bin do not have a valid shell and
      this flag can be used to prevent commands from being run as
      those users.
    * Fixed a problem restoring the SELinux tty context during reboot
      if mctransd is killed before sudo finishes. GitHub Issue #17.
    * Fixed an intermittent warning on NetBSD when sudo restores the
      initial stack size limit.
    Major changes between version 1.8.29 and 1.8.28p1:
    * The cvtsudoers command will now reject non-LDIF input when
      converting from LDIF format to sudoers or JSON formats.
    * The new log_allowed and log_denied sudoers settings make it
      possible to disable logging and auditing of allowed and/or
      denied commands.
    * The umask is now handled differently on systems with PAM or
      login.conf. If the umask is explicitly set in sudoers, that
      value is used regardless of what PAM or login.conf may specify.
      However, if the umask is not explicitly set in sudoers, PAM or
      login.conf may now override the default sudoers umask. Bug #900.
    * For make install, the sudoers file is no longer checked for syntax
      errors when DESTDIR is set. The default sudoers file includes the
      contents of /etc/sudoers.d which may not be readable as non-root.
      Bug #902.
    * Sudo now sets most resource limits to their maximum value to avoid
      problems caused by insufficient resources, such as an inability to
      allocate memory or open files and pipes. Fixed a regression introduced
      in sudo 1.8.28 where sudo would refuse to run if the parent process was
      not associated with a session. This was due to sudo passing a session
      ID of -1 to the plugin.
  - refresh sudo-sudoers.patch
* Fri Dec 06 2019 Thorsten Kukuk <>
  - Move pam.d/sudo* files to /usr/etc
* Wed Oct 16 2019 Vítězslav Čížek <>
  - Update to 1.8.28p1
    * The fix for Bug #869 caused "sudo -v" to prompt for a password
      when "verifypw" is set to "all" (the default) and all of the
      user's sudoers entries are marked with NOPASSWD.  Bug #901.
* Mon Oct 14 2019 Vítězslav Čížek <>
  - Update to 1.8.28
    * Fixed CVE-2019-14287 (bsc#1153674),
    a bug where a sudo user may be able to
    run a command as root when the Runas specification explicitly
    disallows root access as long as the ALL keyword is listed first.
    * Sudo will now only set PAM_TTY to the empty string when no
    terminal is present on Solaris and Linux.  This workaround is
    only needed on those systems which may have PAM modules that
    misbehave when PAM_TTY is not set.
    * The mailerflags sudoers option now has a default value even if
    sendmail support was disabled at configure time.  Fixes a crash
    when the mailerpath sudoers option is set but mailerflags is not.
    Bug #878.
    * Sudo will now filter out last login messages on HP-UX unless
    a shell is being run via "sudo -s" or "sudo -i".  Otherwise,
    when trusted mode is enabled, these messages will be displayed
    for each command.
    * Sudo has a new -B command line option that will ring the terminal
    bell when prompting for a password.
    * Sudo no longer refuses to prompt for a password when it cannot
    determine the user's terminal as long as it can open /dev/tty.
    This allows sudo to function on systems where /proc is unavailable,
    such as when running in a chroot environment.
    * The "env_editor" sudoers flag is now on by default.  This makes
    source builds more consistent with the packages generated by
    sudo's mkpkg script.
    * Fixed a bad interaction with configure's --prefix and
    --disable-shared options.  Bug #886.
    * More verbose error message when a password is required and no terminal
    is present.  Bug #828.
    * Command tags, such as NOPASSWD, are honored when a user tries to run a
    command that is allowed by sudoers but which does not actually
    exist on the file system.  Bug #888.
    * I/O log timing files now store signal suspend and resume information
    in the form of a signal name instead of a number.
    * Fixed a bug introduced in 1.8.24 that prevented sudo from honoring
    the value of "ipa_hostname" from sssd.conf, if specified, when
    matching the host name.
    * Fixed a bug introduced in 1.8.21 that prevented the core dump
    resource limit set in the pam_limits module from taking effect.
    Bug #894.
    * Fixed parsing of double-quoted Defaults group and netgroup bindings.
    * The user ID is now used when matching sudoUser attributes in LDAP.
    Previously, the user name, group name and group IDs were used
    when matching but not the user ID.
    * Sudo now writes PAM messages to the user's terminal, if available,
    instead of the standard output or standard error.  This prevents
    PAM output from being intermixed with that of the command when
    output is sent to a file or pipe.  Bug #895.
    * Sudoedit now honors the umask and umask_override settings in sudoers.
    Previously, the user's umask was used as-is.
    * Fixed a bug where the terminal's file context was not restored
    when using SELinux RBAC.  Bug #898.
  - refresh sudo-sudoers.patch
* Sun Aug 18 2019 Oliver Kurz <>
  - Correct typo in sudoers patch
* Sun Jan 13 2019
  - Update to 1.8.27
    * Fixes and clarifications to the sudo plugin documentation
    * The sudo manuals no longer require extensive post-processing
    * If an I/O logging plugin is configured, sudo will no longer
      force the command to be run in a pseudo-tty
    * #843 (PAM handling error) correctly fixed.
    * In visudo, it's now possible to specify the path to sudoers
      without using the -f option (#864)
    * Fixed a bug introduced in 1.8.22 where utmp/utmpx would not
      be updated when a command was run in a pseudo-tty (#865)
    * Sudo now sets the silent flag when opening the PAM session
      except when running a shell via sudo -s or sudo -i (#867)
* Sat Nov 17 2018
  - Update to 1.8.26
    * Fixed a bug in cvtsudoers when converting to JSON format
      when alias expansion is enabled
    * Sudo no longer sets the USERNAME environment variable
      when running commands
    * Sudo now treats the LOGNAME and USER environment variables
      (as well as the LOGIN variable on AIX) as a single unit
    * Added support for OpenLDAP TLS_REQCERT setting in ldap.conf
    * Sudo now logs when the command was suspended and resumed
      in the I/O logs
    * Sudo now prints a warning message when there is an error or
      end of file while reading the password instead of exiting
    * Fixed a bug introduced in sudo 1.8.25 that prevented sudo
      from properly setting the user's groups on AIX.
    * The sudoers LDAP back-end now supports negated sudoRunAsUser
      and sudoRunAsGroup entries
    * Sudo now provides a proper error message when the "fqdn"
      sudoers option is set and it is unable to resolve the local
      host name.
    * Sudo now includes sudoers LDAP schema for the on-line config
      supported by OpenLDAP
* Wed Sep 19 2018
  - fix permissions for /var/lib/sudo and /var/lib/sudo/ts
* Tue Sep 18 2018 Marketa Calabkova <>
  - Update to 1.8.25p1
    * Fixed a bug introduced in sudo 1.8.25 that caused a crash on
      systems that have the poll() function but not the ppoll()
* Wed Sep 05 2018 Marketa Calabkova <>
  - Update to 1.8.25
    * I/O log timing file entries now use a monotonic timer and
      include nanosecond precision
    * when sudo runs a command in a pseudo-tty, the slave device is
      now closed in the main process immediately after starting the
      monitor process
    * the testsudoers utility now supports querying an LDIF-format
* Tue Aug 21 2018
  - Update to 1.8.24
    * random insults are now more random
    * added SUDO_CONV_PREFER_TTY flag for conversation function to
      tell sudo to try writing to /dev/tty first
    * cvtsudoers can now parse base64-encoded attributes in LDIF
* Thu Jul 12 2018
  - Build with make -B to make package build reproducible
* Wed May 02 2018
  - Update to 1.8.23
    * primarily a bug fix release
    * new cvtsudoers utility (replaces sudoers2ldif) that converts
      between sudoers formats and performs some basic filtering.
    * removed obsolete sudoers2ldif-env.patch
* Mon Apr 16 2018
  - integrate pam_keyinit pam module [bsc#1081947]
    * add sudo-i.pamd PAM configuration file and install it as
    * add "session optional revoke" to sudo.pamd and
      "session optional force revoke" to sudo-i.pamd
    * add "--with-pam-login" build option to enable specific PAM
      session for "sudo -i"
  - make pam configuration files (noreplace)
  - reorganize Sources
* Wed Apr 04 2018
  - Use %license instead of %doc [bsc#1082318]
* Mon Feb 19 2018
  - Fix sudo prompt: escape %p into %%p to ensure 'p' is not wrapped
    and interpreted as being an rpm variable (boo#1081470).
* Tue Feb 13 2018
  - The sudo distribution files are now signed with a new pgp key.
    Refresh sudo.keyring
* Wed Jan 24 2018
  - Update to 1.8.22 [bsc#1080793]
    * Commands run in the background from a script run via sudo will
      no longer receive SIGHUP when the parent exits and I/O logging
      is enabled
    * A particularly offensive insult is now disabled by default
    * The description of sudo -i now correctly documents that the
      env_keep and env_check sudoers options are applied to the
    * Fixed a crash when the system's host name is not set
    * The sudoers2ldif script now handles #include and #includedir
    * Fixed a bug where sudo would silently exit when the command
      was not allowed by sudoers and the passwd_tries sudoers option
      was set to a value less than one.
    * Fixed a bug with the listpw and verifypw sudoers options and
      multiple sudoers sources. If the option is set to all a
      password should be required unless none of a user's sudoers
      entries from any source require authentication.
    * Fixed a bug with the listpw and verifypw sudoers options in
      the LDAP and SSSD back-ends. If the option is set to any and
      the entry contained multiple rules, only the first matching
      rule was checked. If an entry contained more than one matching
      rule and the first rule required authentication but a
      subsequent rule did not, sudo would prompt for a password when
      it should not have.
    * When running a command as the invoking user (not root), sudo
      would execute the command with the same group vector it was
      started with. Sudo now executes the command with a new group
      vector based on the group database which is consistent with how
      su(1) operates.
    * Fixed a double free in the SSSD back-end that could occur when
      ipa_hostname is present in sssd.conf and is set to an unqualified
      host name.
    * When I/O logging is enabled, sudo will now write to the terminal
      even when it is a background process. Previously, sudo would only
      write to the tty when it was the foreground process when I/O
      logging was enabled. If the TOSTOP terminal flag is set, sudo
      will suspend the command (and then itself) with the SIGTTOU signal.
    * A new authfail_message sudoers option that overrides the default
      N incorrect password attempt(s).
    * An empty sudoRunAsUser attribute in the LDAP and SSSD backends
      will now match the invoking user. This is more consistent with
      how an empty runas user in the sudoers file is treated.
    * Documented that in check mode, visudo does not check the owner /
      mode on files specified with the -f flag
    * It is now an error to specify the runas user as an empty string
      on the command line. Previously, an empty runas user was treated
      the same as an unspecified runas user
    * When timestamp_type option is set to tty and a terminal is
      present, the time stamp record will now include the start time
      of the session leader. When the timestamp_type option is set
      to ppid or when no terminal is available, the start time of the
      parent process is used instead. This significantly reduces the
      likelihood of a time stamp record being re-used when a user logs
      out and back in again.
    * The sudoers time stamp file format is now documented in the new
      sudoers_timestamp manual.
    * Visudo will now use the SUDO_EDITOR environment variable (if
      present) in addition to VISUAL and EDITOR.
  - rebase sudoers2ldif-env.patch
  - cleanup with spec-cleaner



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Oct 12 23:35:28 2021