From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.1 Date: Sat, 22 Apr 2023 00:18:30 +0000 From: QA Team Robot To: sisyphus-cybertalk@lists.altlinux.org Message-ID: Mail-Followup-To: sisyphus-cybertalk@lists.altlinux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [cyber] I: p9/branch packages: +3 (18274) X-BeenThere: sisyphus-cybertalk@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: devel@lists.altlinux.org List-Id: ALT Linux Sisyphus cybertalk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Apr 2023 00:18:33 -0000 Archived-At: List-Archive: 3 UPDATED packages adcli - Active Directory enrollment * Mon Oct 17 2022 Evgeny Sinelnikov 0.9.2-alt1 - Add support LDAP add/mod operation to set/change password: + fix unable to join to active directory after KB5008380/CVE-2021-42287 with option '--ldap-passwd'; + https://gitlab.freedesktop.org/realmd/adcli/-/issues/27 - Add support fall back to LDAPS if CLDAP ping was not successful + If the --use-ldaps option is used and there is no reply on the CLDAP 389/udp port adcli will try to send the request to the LDAPS port 636/tcp. - Fix write SID before secret to Samba's db looks like 'net changesecretpw' - Add passwd-user sub-command for (re)set a user password. - Add dont-expire-password option for computer. * Sat Oct 30 2021 Alexey Shabalin 0.9.1-alt2 - Upstream master snapshot. * Sat Jun 26 2021 Alexey Shabalin 0.9.1-alt1 - 0.9.1 * Tue Mar 03 2020 Alexey Shabalin 0.9.0-alt2 - discovery fix * Thu Jan 23 2020 Alexey Shabalin 0.9.0-alt1 ntfs-3g - third generation Linux NTFS driver * Tue Nov 08 2022 Alexander Danilov 2:2021.8.22-alt2 - Fixes (CVE-2021-46790, CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786, CVE-2022-30787, CVE-2022-30788, CVE-2022-30789, CVE-2022-40284) * Tue Aug 31 2021 Valery Inozemtsev 2:2021.8.22-alt1 sudo - Allows command execution as another user * Mon Feb 27 2023 Evgeny Sinelnikov 1:1.9.13p2-alt1 - Update to latest stable release. - Fix run_time message validation in logsrvd. - Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). * Mon Feb 20 2023 Evgeny Sinelnikov 1:1.9.13p1-alt1 - Update to latest stable release. - Fixed potential memory leaks in error paths (GitHub#199, GitHub#202). - Fixed potential NULL dereferences on memory allocation failure (GitHub#204, GitHub#211). - A missing include file in sudoers is no longer a fatal error unless the error_recovery plugin argument has been set to false. - Fixed a bug running relative commands via sudo when "log_subcmds" is enabled (GitHub#194). - Fixed a signal handling bug when running sudo commands in a shell script. Signals were not being forwarded to the command when the sudo process was not run in its own process group. - Added a reminder to the default lecture that the password will not echo. This line is only displayed when the pwfeedback option is disabled (GitHub#195). - Regular expressions in sudoers or logsrvd.conf may no longer contain consecutive repetition operators. This is implementation-specific behavior according to POSIX, but some implementations will allocate excessive amounts of memory. This mainly affects the fuzzers. - Sudo no longer checks the ownership and mode of the plugins that it loads. Plugins are configured via either the sudo.conf or sudoers file which are trusted configuration files. - Fixed a bug executing a command with a very long argument vector when "log_subcmds" or "intercept" is enabled on a system where "intercept_type" is set to "trace" (GitHub#194). * Sun Jan 22 2023 Evgeny Sinelnikov 1:1.9.12p2-alt1 - Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files. * Mon Nov 07 2022 Evgeny Sinelnikov 1:1.9.12p1-alt1 - Update to latest stable bugfix and security release (fixes: CVE-2022-43995). - Major improvements from latest Sisyphus release: + For ptrace-based intercept mode, sudo will now attempt to verify that the command path name, arguments and environment have not changed from the time when they were authorized by the security policy. The new intercept_verify sudoers setting can be used to control this behavior. + Sudo now supports passing the execve(2) system call the NULL pointer for the argv and/or envp arguments when in intercept mode. Linux treats a NULL pointer like an empty array. + Neovim has been added to the list of visudo editors that support passing the line number on the command line. + Added a new -N (no-update) command line option to sudo which can be used to prevent sudo from updating the user's cached credentials. + PAM approval modules are no longer invoked when running sub-commands in intercept mode unless the intercept_authenticate option is set. There is a substantial performance penalty for calling into PAM for each command run. PAM approval modules are still called for the initial command. + Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2) if available. + The XDG_CURRENT_DESKTOP environment variable is now preserved by default. This makes it possible for graphical applications to choose the correct theme when run via sudo. + The cvtsudoers manual now documents the JSON and CSV output formats. + The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout sudoers settings can be used to support more fine-grained I/O logging. The sudo front-end no longer allocates a pseudo-terminal when running a command if the I/O logging plugin requests logging of stdin, stdout, or stderr but not terminal input/output. + Added the -I option to visudo which only edits the main sudoers file. Include files are not edited unless a syntax error is found. * Mon Nov 07 2022 Evgeny Sinelnikov 1:1.9.11p3-alt4 - Rebuild with upstream sources from https://github.com/sudo-project/sudo (manual import of archives no more needed). * Mon Oct 24 2022 Evgeny Sinelnikov 1:1.9.11p3-alt3 - Add sudopw control with rule Defaults for user, root, target or runas type of user account password credentials that are verified during authentication. * Fri Oct 21 2022 Evgeny Sinelnikov 1:1.9.11p3-alt2 - Fix sudowheel control to be more flexible and supported the default 'ALL:ALL' Runas_Spec with group alias specified. - Fix initialization error in post-scripts for sudoreplay and sudowheel controls during first installation process (closes: 41907). * Thu Oct 20 2022 Evgeny Sinelnikov 1:1.9.11p3-alt1 - Update to latest stable release. - Major improvemnents from latest Sisyphus release: + Added new log_passwords and passprompt_regex settings to sudo_logsrvd that operate like the sudoers options when logging terminal input. + A new noninteractive_auth sudoers option has been added to enable PAM authentication in non-interactive mode. + When sudo is run in non-interactive mode (with the -n option), it will now attempt PAM authentication and only exit with an error if user interaction is required. + The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. - Tweak default password prompt as %u doesn't make sense. Improve it by old fix from Patrick Schoenfeld that adds a %p and uses it by default (closes: 38612). * Mon Oct 11 2021 Evgeny Sinelnikov 1:1.9.8p2-alt1 - Fixed minor troubles and regressions. * Thu Sep 16 2021 Evgeny Sinelnikov 1:1.9.8-alt1 - Update to latest stable release with support transparently intercepting sub-commands executed by the original command run via sudo. * Sat Sep 11 2021 Evgeny Sinelnikov 1:1.9.7p2-alt1 Total 18274 source packages.