|
version 1.1.1.2, 2012/05/29 12:26:48
|
version 1.1.1.3, 2012/10/09 09:29:52
|
|
Line 1
|
Line 1
|
| |
What's new in Sudo 1.8.6p3? |
| |
|
| |
* Fixed post-processing of the man pages on systems with legacy |
| |
versions of sed. |
| |
|
| |
* Fixed "sudoreplay -l" on Linux systems with file systems that |
| |
set DT_UNKNOWN in the d_type field of struct dirent. |
| |
|
| |
What's new in Sudo 1.8.6p2? |
| |
|
| |
* Fixed suspending a command after it has already been resumed |
| |
once when I/O logging (or use_pty) is not enabled. |
| |
This was a regression introduced in version 1.8.6. |
| |
|
| |
What's new in Sudo 1.8.6p1? |
| |
|
| |
* Fixed the setting of LOGNAME, USER and USERNAME variables in the |
| |
command's environment when env_reset is enabled (the default). |
| |
This was a regression introduced in version 1.8.6. |
| |
|
| |
* Sudo now honors SUCCESS=return in /etc/nsswitch.conf. |
| |
|
| |
What's new in Sudo 1.8.6? |
| |
|
| |
* Sudo is now built with the -fstack-protector flag if the the |
| |
compiler supports it. Also, the -zrelro linker flag is used if |
| |
supported. The --disable-hardening configure option can be used |
| |
to build sudo without stack smashing protection. |
| |
|
| |
* Sudo is now built as a Position Independent Executable (PIE) |
| |
if supported by the compiler and linker. |
| |
|
| |
* If the user is a member of the "exempt" group in sudoers, they |
| |
will no longer be prompted for a password even if the -k flag |
| |
is specified with the command. This makes "sudo -k command" |
| |
consistent with the behavior one would get if the user ran "sudo |
| |
-k" immediately before running the command. |
| |
|
| |
* The sudoers file may now be a symbolic link. Previously, sudo |
| |
would refuse to read sudoers unless it was a regular file. |
| |
|
| |
* The sudoreplay command can now properly replay sessions where |
| |
no tty was present. |
| |
|
| |
* The sudoers plugin now takes advantage of symbol visibility |
| |
controls when supported by the compiler or linker. As a result, |
| |
only a small number of symbols are exported which significantly |
| |
reduces the chances of a conflict with other shared objects. |
| |
|
| |
* Improved support for the Tivoli Directory Server LDAP client |
| |
libraries. This includes support for using LDAP over SSL (ldaps) |
| |
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS |
| |
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be |
| |
used to specify a password to decrypt the key database. |
| |
|
| |
* When constructing a time filter for use with LDAP sudoNotBefore |
| |
and sudoNotAfter attributes, the current time now includes tenths |
| |
of a second. This fixes a problem with timed entries on Active |
| |
Directory. |
| |
|
| |
* If a user fails to authenticate and the command would be rejected |
| |
by sudoers, it is now logged with "command not allowed" instead |
| |
of "N incorrect password attempts". Likewise, the "mail_no_perms" |
| |
sudoers option now takes precedence over "mail_badpass". |
| |
|
| |
* The sudo manuals are now formatted using the mdoc macros. Versions |
| |
using the legacy man macros are provided for systems that lack mdoc. |
| |
|
| |
* New support for Solaris privilege sets. This makes it possible |
| |
to specify fine-grained privileges in the sudoers file on Solaris |
| |
10 and above. A Runas_Spec that contains no Runas_Lists can be |
| |
used to give a user the ability to run a command as themselves |
| |
but with an expanded privilege set. |
| |
|
| |
* Fixed a problem with the reboot and shutdown commands on some |
| |
systems (such as HP-UX and BSD). On these systems, reboot sends |
| |
all processes (except itself) SIGTERM. When sudo received |
| |
SIGTERM, it would relay it to the reboot process, thus killing |
| |
reboot before it had a chance to actually reboot the system. |
| |
|
| |
* Support for using the System Security Services Daemon (SSSD) as |
| |
a source of sudoers data. |
| |
|
| |
* Slovenian translation for sudo and sudoers from translationproject.org. |
| |
|
| |
* Visudo will now warn about unknown Defaults entries that are |
| |
per-host, per-user, per-runas or per-command. |
| |
|
| |
* Fixed a race condition that could cause sudo to receive SIGTTOU |
| |
(and stop) when resuming a shell that was run via sudo when I/O |
| |
logging (and use_pty) is not enabled. |
| |
|
| |
* Sending SIGTSTP directly to the sudo process will now suspend the |
| |
running command when I/O logging (and use_pty) is not enabled. |
| |
|
| |
What's new in Sudo 1.8.5p3? |
| |
|
| |
* Fixed the loading of I/O plugins that conform to a plugin API |
| |
version older than 1.2. |
| |
|
| |
What's new in Sudo 1.8.5p2? |
| |
|
| |
* Fixed use of the SUDO_ASKPASS environment variable which was |
| |
broken in Sudo 1.8.5. |
| |
|
| |
* Fixed a problem reading the sudoers file when the file mode is |
| |
more restrictive than the expected mode. For example, when the |
| |
expected sudoers file mode is 0440 but the actual mode is 0400. |
| |
|
| What's new in Sudo 1.8.5p1? |
What's new in Sudo 1.8.5p1? |
| |
|
| * Fixed a bug that prevented files in an include directory from |
* Fixed a bug that prevented files in an include directory from |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo