[cyber] I: p10/branch packages: +2 (17977)
QA Team Robot
qa на altlinux.org
Вс Янв 29 03:15:22 MSK 2023
2 UPDATED packages
alterator-grub - alterator module to setup grub bootloader
* Sat Jan 07 2023 Anton Midyukov <antohami на altlinux> 0.18-alt1
- backend3/grub: don't show other variants of bootloader list, if EFI boot mode
- grub-disk: hide partition dm-*, md* from list bootloader places
- grub-disk: don't show drives that can't install grub-pc
- grub-disk: remove duplicate item "Skip bootloader install" for ppc
* Fri Jul 22 2022 Anton Midyukov <antohami на altlinux> 0.17-alt1
sudo - Allows command execution as another user
* Sun Jan 22 2023 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p2-alt1
- Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
+ If a user's sudoers entry did not have any RunAs user's set, running
"sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
sudoedit) that could allow a malicious user with sudoedit privileges to edit
arbitrary files.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.12p1-alt1
- Update to latest stable bugfix and security release (fixes: CVE-2022-43995).
- Major improvements from latest Sisyphus release:
+ For ptrace-based intercept mode, sudo will now attempt to verify that the
command path name, arguments and environment have not changed from the time
when they were authorized by the security policy. The new intercept_verify
sudoers setting can be used to control this behavior.
+ Sudo now supports passing the execve(2) system call the NULL pointer for the
argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer
like an empty array.
+ Neovim has been added to the list of visudo editors that support passing the
line number on the command line.
+ Added a new -N (no-update) command line option to sudo which can be used to
prevent sudo from updating the user's cached credentials.
+ PAM approval modules are no longer invoked when running sub-commands in
intercept mode unless the intercept_authenticate option is set. There is a
substantial performance penalty for calling into PAM for each command run.
PAM approval modules are still called for the initial command.
+ Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2)
if available.
+ The XDG_CURRENT_DESKTOP environment variable is now preserved by default.
This makes it possible for graphical applications to choose the correct theme
when run via sudo.
+ The cvtsudoers manual now documents the JSON and CSV output formats.
+ The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers
settings can be used to support more fine-grained I/O logging. The sudo
front-end no longer allocates a pseudo-terminal when running a command if the
I/O logging plugin requests logging of stdin, stdout, or stderr but not
terminal input/output.
+ Added the -I option to visudo which only edits the main sudoers file.
Include files are not edited unless a syntax error is found.
* Mon Nov 07 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt4
- Rebuild with upstream sources from https://github.com/sudo-project/sudo
(manual import of archives no more needed).
* Mon Oct 24 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt3
- Add sudopw control with rule Defaults for user, root, target or runas type
of user account password credentials that are verified during authentication.
* Fri Oct 21 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt2
- Fix sudowheel control to be more flexible and supported the default 'ALL:ALL'
Runas_Spec with group alias specified.
- Fix initialization error in post-scripts for sudoreplay and sudowheel controls
during first installation process (closes: 41907).
* Thu Oct 20 2022 Evgeny Sinelnikov <sin на altlinux> 1:1.9.11p3-alt1
- Update to latest stable release.
- Major improvemnents from latest Sisyphus release:
+ Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
operate like the sudoers options when logging terminal input.
+ A new noninteractive_auth sudoers option has been added to enable PAM
authentication in non-interactive mode.
+ When sudo is run in non-interactive mode (with the -n option), it will now
attempt PAM authentication and only exit with an error if user interaction is
required.
+ The intercept and log_subcmds functionality can now use ptrace(2) on Linux
systems that support seccomp(2) filtering.
- Tweak default password prompt as %u doesn't make sense. Improve it by old fix
from Patrick Schoenfeld that adds a %p and uses it by default (closes: 38612).
* Mon Oct 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8p2-alt1
- Fixed minor troubles and regressions.
* Thu Sep 16 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.8-alt1
- Update to latest stable release with support transparently intercepting
sub-commands executed by the original command run via sudo.
* Sat Sep 11 2021 Evgeny Sinelnikov <sin на altlinux> 1:1.9.7p2-alt1
Total 17977 source packages.
Подробная информация о списке рассылки Sisyphus-cybertalk