From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] sudo: Update to version 1.9.10 Date: Wed, 06 Apr 2022 17:10:54 +0000 Message-ID: <8b6f4e88-fb86-1a29-a169-26a3eb8fac43@ipfire.org> In-Reply-To: <20220405134816.2929511-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1249058634233446855==" List-Id: --===============1249058634233446855== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Peter M=C3=BCller > - Update from 1.9.9 to 1.9.10 > - Update of rootfile not required > - Changelog > What's new in Sudo 1.9.10 > * Added new "log_passwords" and "passprompt_regex" sudoers options. > If "log_passwords" is disabled, sudo will attempt to prevent passwords > from being logged. If sudo detects any of the regular expressions in > the "passprompt_regex" list in the terminal output, sudo will log '*' > characters instead of the terminal input until a newline or carriage > return is found in the input or an output character is received. > * Added new "log_passwords" and "passprompt_regex" settings to > sudo_logsrvd that operate like the sudoers options when logging > terminal input. > * Fixed several few bugs in the cvtsudoers utility when merging > multiple sudoers sources. > * Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf > file, where the "retry_interval" in the [relay] section was not > being recognized. > * Restored the pre-1.9.9 behavior of not performing authentication > when sudo's -n option is specified. A new "noninteractive_auth" > sudoers option has been added to enable PAM authentication in > non-interactive mode. GitHub issue #131. > * On systems with /proc, if the /proc/self/stat (Linux) or > /proc/pid/psinfo (other systems) file is missing or invalid, > sudo will now check file descriptors 0-2 to determine the user's > terminal. Bug #1020. > * Fixed a compilation problem on Debian kFreeBSD. Bug #1021. > * Fixed a crash in sudo_logsrvd when running in relay mode if > an alert message is received. > * Fixed an issue that resulting in "problem with defaults entries" > email to be sent if a user ran sudo when the sudoers entry in > the nsswitch.conf file includes "sss" but no sudo provider is > configured in /etc/sssd/sssd.conf. Bug #1022. > * Updated the warning displayed when the invoking user is not > allowed to run sudo. If sudo has been configured to send mail > on failed attempts (see the mail_* flags in sudoers), it will > now print "This incident has been reported to the administrator." > If the "mailto" or "mailerpath" sudoers settings are disabled, > the message will not be printed and no mail will be sent. > GitHub issue #48. > * Fixed a bug where the user-specified command timeout was not > being honored if the sudoers rule did not also specify a timeout. > * Added support for using POSIX extended regular expressions in > sudoers rules. A command and/or arguments in sudoers are treated > as a regular expression if they start with a '^' character and > end with a '$'. The command and arguments are matched separately, > either one (or both) may be a regular expression. > Bug #578, GitHub issue #15. > * A user may now only run "sudo -U otheruser -l" if they have a > "sudo ALL" privilege where the RunAs user contains either "root" > or "otheruser". Previously, having "sudo ALL" was sufficient, > regardless of the RunAs user. GitHub issue #134. > * The sudo lecture is now displayed immediately before the password > prompt. As a result, sudo will no longer display the lecture > unless the user needs to enter a password. Authentication methods > that don't interact with the user via a terminal do not trigger > the lecture. > * Sudo now uses its own closefrom() emulation on Linux systems. > The glibc version may not work in a chroot jail where /proc is > not available. If close_range(2) is present, it will be used > in preference to /proc/self/fd. >=20 > Signed-off-by: Adolf Belka > --- > lfs/sudo | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lfs/sudo b/lfs/sudo > index 6c18892b4..4d73db639 100644 > --- a/lfs/sudo > +++ b/lfs/sudo > @@ -24,7 +24,7 @@ > =20 > include Config > =20 > -VER =3D 1.9.9 > +VER =3D 1.9.10 > =20 > THISAPP =3D sudo-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_BLAKE2 =3D 1a661a24e9891c705ca1ff0ff0881be30888ac850d1847803137= 9de6cfa10a581ee4b256fda7d8882e17c661bcaa03b1055ab0e525dc75a2b1feec2ca13283c8 > +$(DL_FILE)_BLAKE2 =3D 94d97379e31b41917616a829cbece3d3fce7dd6ab9d04791b928= 981c14249c306508298655c19dc59a054ccf7deed4e69e65367cbfe9f6d8b5aba8895cfa6064 > =20 > install : $(TARGET) > =20 --===============1249058634233446855==--