removed INPUTRC from env_keep to prevent a possible info leak

Resolves: rhbz#1340701
2016-05-31 14:17:26 +02:00 · 2016-05-31 14:17:26 +02:00 · d3ea02b0f5
parent ffcdc7d630
commit d3ea02b0f5
2 changed files with 6 additions and 2 deletions
--- a/sudo.spec
+++ b/sudo.spec
@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.8.16
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ISC
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@ -201,6 +201,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_libexecdir}/sudo/libsudo_util.so

 %changelog
+* Tue May 31 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-4
+- removed INPUTRC from env_keep to prevent a possible info leak
+  Resolves: rhbz#1340701
+
 * Fri May 13 2016 Daniel Kopecek <dkopecek@redhat.com> 1.8.16-3
 - fixed upstream patch for rhbz#1328735

--- a/2
+++ b/2
@ -55,7 +55,7 @@
 Defaults   !visiblepw

 Defaults    env_reset
-Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
+Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
 Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
 Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
 Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"