Package sudo-logsrvd: Information
Binary package: sudo-logsrvd
Version: 1.9.13p2-alt1
Architecture: aarch64
Build time: Apr 21, 2023, 05:42 PM in the task #318844
Source package: sudo
Category: System/Servers
Report package bugDownload: sudo-logsrvd-1.9.13p2-alt1.aarch64.rpm
Home page: https://www.sudo.ws
License: ISC
Summary: High-performance log server for sudo
Description:
sudo-logsrvd is a high-performance log server that accepts event and I/O logs from sudo. It can be used to implement centralized logging of sudo logs.
Maintainer: Evgeny Sinelnikov
Last changed
Feb. 27, 2023 Evgeny Sinelnikov 1:1.9.13p2-alt1
- Update to latest stable release. - Fix run_time message validation in logsrvd. - Fixed a potential double-free bug when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir).
Feb. 20, 2023 Evgeny Sinelnikov 1:1.9.13p1-alt1
- Update to latest stable release. - Fixed potential memory leaks in error paths (GitHub#199, GitHub#202). - Fixed potential NULL dereferences on memory allocation failure (GitHub#204, GitHub#211). - A missing include file in sudoers is no longer a fatal error unless the error_recovery plugin argument has been set to false. - Fixed a bug running relative commands via sudo when "log_subcmds" is enabled (GitHub#194). - Fixed a signal handling bug when running sudo commands in a shell script. Signals were not being forwarded to the command when the sudo process was not run in its own process group. - Added a reminder to the default lecture that the password will not echo. This line is only displayed when the pwfeedback option is disabled (GitHub#195). - Regular expressions in sudoers or logsrvd.conf may no longer contain consecutive repetition operators. This is implementation-specific behavior according to POSIX, but some implementations will allocate excessive amounts of memory. This mainly affects the fuzzers. - Sudo no longer checks the ownership and mode of the plugins that it loads. Plugins are configured via either the sudo.conf or sudoers file which are trusted configuration files. - Fixed a bug executing a command with a very long argument vector when "log_subcmds" or "intercept" is enabled on a system where "intercept_type" is set to "trace" (GitHub#194).
Jan. 22, 2023 Evgeny Sinelnikov 1:1.9.12p2-alt1
- Update to latest stable bugfix and security release (closes: 44965). - Fixed a compilation error on Linux/aarch64 (GitHub#197). - Fixed a potential crash introduced in the fix for (GitHub#134): + If a user's sudoers entry did not have any RunAs user's set, running "sudo -U otheruser -l" would dereference a NULL pointer. - Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the "iolog_file" sudoers setting contains six or more Xs. - Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files.