Package sudo-logsrvd: Information

    Binary package: sudo-logsrvd
    Version: 1.9.13p2-alt1
    Architecture: ppc64le
    Build time:  Apr 21, 2023, 05:42 PM in the task #318844
    Source package: sudo
    Category: System/Servers
    Report package bug
    Gear: https://git.altlinux.org/gears/s/sudo.git?a=tree;hb=eceb90f1548e…
    Download: sudo-logsrvd-1.9.13p2-alt1.ppc64le.rpm
    Build log: https://git.altlinux.org/tasks/318844/build/100/ppc64le/log
    Home page: https://www.sudo.ws
    License: ISC
    Summary: High-performance log server for sudo
    Description: 
    sudo-logsrvd is a high-performance log server that accepts event and I/O logs from sudo.
It can be used to implement centralized logging of sudo logs.
    Maintainer: Evgeny Sinelnikov
    List of contributors:
    Evgeny Sinelnikov
    Nikolai Kostrigin
    Vitaly Kuznetsov
    Dmitry V. Levin
    qa-robot

    Last changed

    Feb. 27, 2023 Evgeny Sinelnikov 1:1.9.13p2-alt1
    - Update to latest stable release.
- Fix run_time message validation in logsrvd.
- Fixed a potential double-free bug when matching a sudoers rule
  that contains a per-command chroot directive (CHROOT=dir).
    Feb. 20, 2023 Evgeny Sinelnikov 1:1.9.13p1-alt1
    - Update to latest stable release.
- Fixed potential memory leaks in error paths (GitHub#199, GitHub#202).
- Fixed potential NULL dereferences on memory allocation failure (GitHub#204,
  GitHub#211).
- A missing include file in sudoers is no longer a fatal error
  unless the error_recovery plugin argument has been set to false.
- Fixed a bug running relative commands via sudo when "log_subcmds"
  is enabled (GitHub#194).
- Fixed a signal handling bug when running sudo commands in a shell
  script.  Signals were not being forwarded to the command when
  the sudo process was not run in its own process group.
- Added a reminder to the default lecture that the password will
  not echo. This line is only displayed when the pwfeedback option
  is disabled (GitHub#195).
- Regular expressions in sudoers or logsrvd.conf may no longer contain
  consecutive repetition operators.  This is implementation-specific behavior
  according to POSIX, but some implementations will allocate excessive amounts
  of memory. This mainly affects the fuzzers.
- Sudo no longer checks the ownership and mode of the plugins that it loads.
  Plugins are configured via either the sudo.conf or sudoers file which are
  trusted configuration files.
- Fixed a bug executing a command with a very long argument vector when
  "log_subcmds" or "intercept" is enabled on a system where "intercept_type"
  is set to "trace" (GitHub#194).
    Jan. 22, 2023 Evgeny Sinelnikov 1:1.9.12p2-alt1
    - Update to latest stable bugfix and security release (closes: 44965).
- Fixed a compilation error on Linux/aarch64 (GitHub#197).
- Fixed a potential crash introduced in the fix for (GitHub#134):
 + If a user's sudoers entry did not have any RunAs user's set, running
   "sudo -U otheruser -l" would dereference a NULL pointer.
- Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating
  a I/O files when the "iolog_file" sudoers setting contains six or more Xs.
- Fixed security issue (fixes: CVE-2023-22809), a flaw in sudo's -e option (aka
  sudoedit) that could allow a malicious user with sudoedit privileges to edit
  arbitrary files.
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top