[cyber] I: p10/branch packages: +2 (17977)

QA Team Robot qa на altlinux.org
Вс Янв 29 03:15:22 MSK 2023


	2 UPDATED packages

alterator-grub - alterator module to setup grub bootloader
* Sat Jan 07 2023 Anton Midyukov <antohami на altlinux> 0.18-alt1
- backend3/grub: don't show other variants of bootloader list, if EFI boot mode
- grub-disk: hide partition dm-*, md* from list bootloader places
- grub-disk: don't show drives that can't install grub-pc
- grub-disk: remove duplicate item "Skip bootloader install" for ppc
* Fri Jul 22 2022 Anton Midyukov <antohami на altlinux> 0.17-alt1

sudo - Allows command execution as another user
* Sun Jan 22 2023 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p2-alt1
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
 + If a user's sudoers entry did not have any RunAs user's set, running
   "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
  a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
  sudoedit) that could allow a malicious user with sudoedit privileges to edit
  arbitrary files.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p1-alt1
- Update to latest stable bugfix and security release (fixes: CVE-2022-43995).
- Major improvements from latest Sisyphus release:
 + For ptrace-based intercept mode, sudo will now attempt to verify that the
   command path name, arguments and environment have not changed from the time
   when they were authorized by the security policy. The new intercept_verify
   sudoers setting can be used to control this behavior.
 + Sudo now supports passing the execve(2) system call the NULL pointer for the
   argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer
   like an empty array.
 + Neovim has been added to the list of visudo editors that support passing the
   line number on the command line.
 + Added a new -N (no-update) command line option to sudo which can be used to
   prevent sudo from updating the user's cached credentials.
 + PAM approval modules are no longer invoked when running sub-commands in
   intercept mode unless the intercept_authenticate option is set. There is a
   substantial performance penalty for calling into PAM for each command run.
   PAM approval modules are still called for the initial command.
 + Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2)
   if available.
 + The XDG_CURRENT_DESKTOP environment variable is now preserved by default.
   This makes it possible for graphical applications to choose the correct theme
   when run via sudo.
 + The cvtsudoers manual now documents the JSON and CSV output formats.
 + The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers
   settings can be used to support more fine-grained I/O logging. The sudo
   front-end no longer allocates a pseudo-terminal when running a command if the
   I/O logging plugin requests logging of stdin, stdout, or stderr but not
   terminal input/output.
 + Added the -I option to visudo which only edits the main sudoers file.
   Include files are not edited unless a syntax error is found.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt4
- Rebuild with upstream sources from https://github.com/sudo-project/sudo
  (manual import of archives no more needed).
* Mon Oct 24 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt3
- Add sudopw control with rule Defaults for user, root, target or runas type
  of user account password credentials that are verified during authentication.
* Fri Oct 21 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt2
- Fix sudowheel control to be more flexible and supported the default 'ALL:ALL'
  Runas_Spec with group alias specified.
- Fix initialization error in post-scripts for sudoreplay and sudowheel controls
  during first installation process (closes: 41907).
* Thu Oct 20 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt1
- Update to latest stable release.
- Major improvemnents from latest Sisyphus release:
 + Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
   operate like the sudoers options when logging terminal input.
 + A new noninteractive_auth sudoers option has been added to enable PAM
   authentication in non-interactive mode.
 + When sudo is run in non-interactive mode (with the -n option), it will now
   attempt PAM authentication and only exit with an error if user interaction is
   required.
 + The intercept and log_subcmds functionality can now use ptrace(2) on Linux
   systems that support seccomp(2) filtering.
- Tweak default password prompt as %u doesn't make sense. Improve it by old fix
  from Patrick Schoenfeld that adds a %p and uses it by default (closes: 38612).
* Mon Oct 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8p2-alt1
- Fixed minor troubles and regressions.
* Thu Sep 16 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8-alt1
- Update to latest stable release with support transparently intercepting
  sub-commands executed by the original command run via sudo.
* Sat Sep 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.7p2-alt1

Total 17977 source packages.


Подробная информация о списке рассылки Sisyphus-cybertalk