Packages changed: branding-openSUSE glib2 (2.62.1 -> 2.62.2) glib2-branding-openSUSE sudo (1.8.27 -> 1.8.28p1) === Details === ==== branding-openSUSE ==== - Don't set the theme on install/uninstall - Remove obsolete Groups tag (fate#326485) ==== glib2 ==== Version update (2.62.1 -> 2.62.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.62.2: + Bugs fixed: - glgo#GNOME/GLib#1896: Use after free when calling g_dbus_connection_flush_sync() in a dedicated thread. - glgo#GNOME/GLib!1154: Backport glgo#GNOME/GLib!1152 ?gwinhttpvfs: Handle g_get_prgname() returning NULL? to glib-2-62. - glgo#GNOME/GLib!1156: Backport glgo#GNOME/GLib!1146 Solaris fixes to glib-2-62. ==== glib2-branding-openSUSE ==== - Fix keyassignment for help: the schema was changed to array of strings, as multiple keys can now be bound. ==== sudo ==== Version update (1.8.27 -> 1.8.28p1) - Update to 1.8,28p1 * The fix for Bug #869 caused "sudo -v" to prompt for a password when "verifypw" is set to "all" (the default) and all of the user's sudoers entries are marked with NOPASSWD. Bug #901. - Update to 1.8.28 * Fixed CVE-2019-14287 (bsc#1153674), a bug where a sudo user may be able to run a command as root when the Runas specification explicitly disallows root access as long as the ALL keyword is listed first. * Sudo will now only set PAM_TTY to the empty string when no terminal is present on Solaris and Linux. This workaround is only needed on those systems which may have PAM modules that misbehave when PAM_TTY is not set. * The mailerflags sudoers option now has a default value even if sendmail support was disabled at configure time. Fixes a crash when the mailerpath sudoers option is set but mailerflags is not. Bug #878. * Sudo will now filter out last login messages on HP-UX unless it a shell is being run via "sudo -s" or "sudo -i". Otherwise, when trusted mode is enabled, these messages will be displayed for each command. * Sudo has a new -B command line option that will ring the terminal bell when prompting for a password. * Sudo no longer refuses to prompt for a password when it cannot determine the user's terminal as long as it can open /dev/tty. This allows sudo to function on systems where /proc is unavailable, such as when running in a chroot environment. * The "env_editor" sudoers flag is now on by default. This makes source builds more consistent with the packages generated by sudo's mkpkg script. * Fixed a bad interaction with configure's --prefix and - -disable-shared options. Bug #886. * More verbose error message when a password is required and no terminal is present. Bug #828. * Command tags, such as NOPASSWD, are honored when a user tries to run a command that is allowed by sudoers but which does not actually exist on the file system. Bug #888. * I/O log timing files now store signal suspend and resume information in the form of a signal name instead of a number. * Fixed a bug introduced in 1.8.24 that prevented sudo from honoring the value of "ipa_hostname" from sssd.conf, if specified, when matching the host name. * Fixed a bug introduced in 1.8.21 that prevented the core dump resource limit set in the pam_limits module from taking effect. Bug #894. * Fixed parsing of double-quoted Defaults group and netgroup bindings. * The user ID is now used when matching sudoUser attributes in LDAP. Previously, the user name, group name and group IDs were used when matching but not the user ID. * Sudo now writes PAM messages to the user's terminal, if available, instead of the standard output or standard error. This prevents PAM output from being intermixed with that of the command when output is sent to a file or pipe. Bug #895. * Sudoedit now honors the umask and umask_override settings in sudoers. Previously, the user's umask was used as-is. * Fixed a bug where the terminal's file context was not restored when using SELinux RBAC. Bug #898. - refresh sudo-sudoers.patch