[cyber] I: p9/branch packages: +3 (18274)

QA Team Robot qa на altlinux.org
Сб Апр 22 03:18:30 MSK 2023


	3 UPDATED packages

adcli - Active Directory enrollment
* Mon Oct 17 2022 Evgeny Sinelnikov <sin на altlinux> 0.9.2-alt1
- Add support LDAP add/mod operation to set/change password:
 + fix unable to join to active directory after KB5008380/CVE-2021-42287 with
   option '--ldap-passwd';
 + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27
- Add support fall back to LDAPS if CLDAP ping was not successful
 + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp
   port adcli will try to send the request to the LDAPS port 636/tcp.
- Fix write SID before secret to Samba's db looks like 'net changesecretpw'
- Add passwd-user sub-command for (re)set a user password.
- Add dont-expire-password option for computer.
* Sat Oct 30 2021 Alexey Shabalin <shaba на altlinux> 0.9.1-alt2
- Upstream master snapshot.
* Sat Jun 26 2021 Alexey Shabalin <shaba на altlinux> 0.9.1-alt1
- 0.9.1
* Tue Mar 03 2020 Alexey Shabalin <shaba на altlinux> 0.9.0-alt2
- discovery fix
* Thu Jan 23 2020 Alexey Shabalin <shaba на altlinux> 0.9.0-alt1

ntfs-3g - third generation Linux NTFS driver
* Tue Nov 08 2022 Alexander Danilov <admsasha на altlinux> 2:2021.8.22-alt2
- Fixes (CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785,
  CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789,
  CVE-2022-40284)
* Tue Aug 31 2021 Valery Inozemtsev <shrek на altlinux> 2:2021.8.22-alt1

sudo - Allows command execution as another user
* Mon Feb 27 2023 Evgeny Sinelnikov <sin на altlinux> 1:1.9.13p2-alt1
- Update to latest stable release.
- Fix run_time message validation in logsrvd.
- Fixed a potential double-free bug when matching a sudoers rule
  that contains a per-command chroot directive (CHROOT=dir).
* Mon Feb 20 2023 Evgeny Sinelnikov <sin на altlinux> 1:1.9.13p1-alt1
- Update to latest stable release.
- Fixed potential memory leaks in error paths (GitHub#199, GitHub#202).
- Fixed potential NULL dereferences on memory allocation failure (GitHub#204,
  GitHub#211).
- A missing include file in sudoers is no longer a fatal error
  unless the error_recovery plugin argument has been set to false.
- Fixed a bug running relative commands via sudo when "log_subcmds"
  is enabled (GitHub#194).
- Fixed a signal handling bug when running sudo commands in a shell
  script.  Signals were not being forwarded to the command when
  the sudo process was not run in its own process group.
- Added a reminder to the default lecture that the password will
  not echo. This line is only displayed when the pwfeedback option
  is disabled (GitHub#195).
- Regular expressions in sudoers or logsrvd.conf may no longer contain
  consecutive repetition operators.  This is implementation-specific behavior
  according to POSIX, but some implementations will allocate excessive amounts
  of memory. This mainly affects the fuzzers.
- Sudo no longer checks the ownership and mode of the plugins that it loads.
  Plugins are configured via either the sudo.conf or sudoers file which are
  trusted configuration files.
- Fixed a bug executing a command with a very long argument vector when
  "log_subcmds" or "intercept" is enabled on a system where "intercept_type"
  is set to "trace" (GitHub#194).
* Sun Jan 22 2023 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p2-alt1
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
 + If a user's sudoers entry did not have any RunAs user's set, running
   "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
  a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
  sudoedit) that could allow a malicious user with sudoedit privileges to edit
  arbitrary files.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p1-alt1
- Update to latest stable bugfix and security release (fixes: CVE-2022-43995).
- Major improvements from latest Sisyphus release:
 + For ptrace-based intercept mode, sudo will now attempt to verify that the
   command path name, arguments and environment have not changed from the time
   when they were authorized by the security policy. The new intercept_verify
   sudoers setting can be used to control this behavior.
 + Sudo now supports passing the execve(2) system call the NULL pointer for the
   argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer
   like an empty array.
 + Neovim has been added to the list of visudo editors that support passing the
   line number on the command line.
 + Added a new -N (no-update) command line option to sudo which can be used to
   prevent sudo from updating the user's cached credentials.
 + PAM approval modules are no longer invoked when running sub-commands in
   intercept mode unless the intercept_authenticate option is set. There is a
   substantial performance penalty for calling into PAM for each command run.
   PAM approval modules are still called for the initial command.
 + Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2)
   if available.
 + The XDG_CURRENT_DESKTOP environment variable is now preserved by default.
   This makes it possible for graphical applications to choose the correct theme
   when run via sudo.
 + The cvtsudoers manual now documents the JSON and CSV output formats.
 + The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers
   settings can be used to support more fine-grained I/O logging. The sudo
   front-end no longer allocates a pseudo-terminal when running a command if the
   I/O logging plugin requests logging of stdin, stdout, or stderr but not
   terminal input/output.
 + Added the -I option to visudo which only edits the main sudoers file.
   Include files are not edited unless a syntax error is found.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt4
- Rebuild with upstream sources from https://github.com/sudo-project/sudo
  (manual import of archives no more needed).
* Mon Oct 24 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt3
- Add sudopw control with rule Defaults for user, root, target or runas type
  of user account password credentials that are verified during authentication.
* Fri Oct 21 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt2
- Fix sudowheel control to be more flexible and supported the default 'ALL:ALL'
  Runas_Spec with group alias specified.
- Fix initialization error in post-scripts for sudoreplay and sudowheel controls
  during first installation process (closes: 41907).
* Thu Oct 20 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt1
- Update to latest stable release.
- Major improvemnents from latest Sisyphus release:
 + Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
   operate like the sudoers options when logging terminal input.
 + A new noninteractive_auth sudoers option has been added to enable PAM
   authentication in non-interactive mode.
 + When sudo is run in non-interactive mode (with the -n option), it will now
   attempt PAM authentication and only exit with an error if user interaction is
   required.
 + The intercept and log_subcmds functionality can now use ptrace(2) on Linux
   systems that support seccomp(2) filtering.
- Tweak default password prompt as %u doesn't make sense. Improve it by old fix
  from Patrick Schoenfeld that adds a %p and uses it by default (closes: 38612).
* Mon Oct 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8p2-alt1
- Fixed minor troubles and regressions.
* Thu Sep 16 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8-alt1
- Update to latest stable release with support transparently intercepting
  sub-commands executed by the original command run via sudo.
* Sat Sep 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.7p2-alt1

Total 18274 source packages.


Подробная информация о списке рассылки Sisyphus-cybertalk