From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] sudo: Update to version 1.9.10
Date: Wed, 06 Apr 2022 17:10:54 +0000 [thread overview]
Message-ID: <8b6f4e88-fb86-1a29-a169-26a3eb8fac43@ipfire.org> (raw)
In-Reply-To: <20220405134816.2929511-1-adolf.belka@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 4622 bytes --]
Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>
> - Update from 1.9.9 to 1.9.10
> - Update of rootfile not required
> - Changelog
> What's new in Sudo 1.9.10
> * Added new "log_passwords" and "passprompt_regex" sudoers options.
> If "log_passwords" is disabled, sudo will attempt to prevent passwords
> from being logged. If sudo detects any of the regular expressions in
> the "passprompt_regex" list in the terminal output, sudo will log '*'
> characters instead of the terminal input until a newline or carriage
> return is found in the input or an output character is received.
> * Added new "log_passwords" and "passprompt_regex" settings to
> sudo_logsrvd that operate like the sudoers options when logging
> terminal input.
> * Fixed several few bugs in the cvtsudoers utility when merging
> multiple sudoers sources.
> * Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
> file, where the "retry_interval" in the [relay] section was not
> being recognized.
> * Restored the pre-1.9.9 behavior of not performing authentication
> when sudo's -n option is specified. A new "noninteractive_auth"
> sudoers option has been added to enable PAM authentication in
> non-interactive mode. GitHub issue #131.
> * On systems with /proc, if the /proc/self/stat (Linux) or
> /proc/pid/psinfo (other systems) file is missing or invalid,
> sudo will now check file descriptors 0-2 to determine the user's
> terminal. Bug #1020.
> * Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
> * Fixed a crash in sudo_logsrvd when running in relay mode if
> an alert message is received.
> * Fixed an issue that resulting in "problem with defaults entries"
> email to be sent if a user ran sudo when the sudoers entry in
> the nsswitch.conf file includes "sss" but no sudo provider is
> configured in /etc/sssd/sssd.conf. Bug #1022.
> * Updated the warning displayed when the invoking user is not
> allowed to run sudo. If sudo has been configured to send mail
> on failed attempts (see the mail_* flags in sudoers), it will
> now print "This incident has been reported to the administrator."
> If the "mailto" or "mailerpath" sudoers settings are disabled,
> the message will not be printed and no mail will be sent.
> GitHub issue #48.
> * Fixed a bug where the user-specified command timeout was not
> being honored if the sudoers rule did not also specify a timeout.
> * Added support for using POSIX extended regular expressions in
> sudoers rules. A command and/or arguments in sudoers are treated
> as a regular expression if they start with a '^' character and
> end with a '$'. The command and arguments are matched separately,
> either one (or both) may be a regular expression.
> Bug #578, GitHub issue #15.
> * A user may now only run "sudo -U otheruser -l" if they have a
> "sudo ALL" privilege where the RunAs user contains either "root"
> or "otheruser". Previously, having "sudo ALL" was sufficient,
> regardless of the RunAs user. GitHub issue #134.
> * The sudo lecture is now displayed immediately before the password
> prompt. As a result, sudo will no longer display the lecture
> unless the user needs to enter a password. Authentication methods
> that don't interact with the user via a terminal do not trigger
> the lecture.
> * Sudo now uses its own closefrom() emulation on Linux systems.
> The glibc version may not work in a chroot jail where /proc is
> not available. If close_range(2) is present, it will be used
> in preference to /proc/self/fd.
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/sudo | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/sudo b/lfs/sudo
> index 6c18892b4..4d73db639 100644
> --- a/lfs/sudo
> +++ b/lfs/sudo
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 1.9.9
> +VER = 1.9.10
>
> THISAPP = sudo-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 1a661a24e9891c705ca1ff0ff0881be30888ac850d18478031379de6cfa10a581ee4b256fda7d8882e17c661bcaa03b1055ab0e525dc75a2b1feec2ca13283c8
> +$(DL_FILE)_BLAKE2 = 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064
>
> install : $(TARGET)
>
prev parent reply other threads:[~2022-04-06 17:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-05 13:48 Adolf Belka
2022-04-06 17:10 ` Peter Müller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8b6f4e88-fb86-1a29-a169-26a3eb8fac43@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox