From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sun, 29 Jan 2023 00:15:22 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p10/branch packages: +2 (17977) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2023 00:15:26 -0000 Archived-At: List-Archive: 2 UPDATED packages alterator-grub - alterator module to setup grub bootloader * Sat Jan 07 2023 Anton Midyukov 0.18-alt1 - backend3/grub: don't show other variants of bootloader list, if EFI boot mode - grub-disk: hide partition dm-*, md* from list bootloader places - grub-disk: don't show drives that can't install grub-pc - grub-disk: remove duplicate item "Skip bootloader install" for ppc * Fri Jul 22 2022 Anton Midyukov 0.17-alt1 sudo - Allows command execution as another user * Sun Jan 22 2023 Evgeny Sinelnikov 1:1.9.12p2-alt1 - Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. * Mon Nov 07 2022 Evgeny Sinelnikov 1:1.9.12p1-alt1 - Update to latest stable bugfix and security release (fixes: CVE-2022-43995). - Major improvements from latest Sisyphus release: + For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. + Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. + Neovim has been added to the list of visudo editors that support passing the line number on the command line. + Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the user's cached credentials. + PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. + Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. + The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. + The cvtsudoers manual now documents the JSON and CSV output formats. + The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. + Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Mon Nov 07 2022 Evgeny Sinelnikov 1:1.9.11p3-alt4 - Rebuild with upstream sources from https://github.com/sudo-project/sudo (manual import of archives no more needed). * Mon Oct 24 2022 Evgeny Sinelnikov 1:1.9.11p3-alt3 - Add sudopw control with rule Defaults for user, root, target or runas type of user account password credentials that are verified during authentication. * Fri Oct 21 2022 Evgeny Sinelnikov 1:1.9.11p3-alt2 - Fix sudowheel control to be more flexible and supported the default 'ALL:ALL' Runas_Spec with group alias specified. - Fix initialization error in post-scripts for sudoreplay and sudowheel controls during first installation process (closes: 41907). * Thu Oct 20 2022 Evgeny Sinelnikov 1:1.9.11p3-alt1 - Update to latest stable release. - Major improvemnents from latest Sisyphus release: + Added new log_passwords and passprompt_regex settings to sudo_logsrvd that operate like the sudoers options when logging terminal input. + A new noninteractive_auth sudoers option has been added to enable PAM authentication in non-interactive mode. + When sudo is run in non-interactive mode (with the -n option), it will now attempt PAM authentication and only exit with an error if user interaction is required. + The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. - Tweak default password prompt as %u doesn't make sense. Improve it by old fix from Patrick Schoenfeld that adds a %p and uses it by default (closes: 38612). * Mon Oct 11 2021 Evgeny Sinelnikov 1:1.9.8p2-alt1 - Fixed minor troubles and regressions. * Thu Sep 16 2021 Evgeny Sinelnikov 1:1.9.8-alt1 - Update to latest stable release with support transparently intercepting sub-commands executed by the original command run via sudo. * Sat Sep 11 2021 Evgeny Sinelnikov 1:1.9.7p2-alt1 Total 17977 source packages.