Diff for /embedaddon/sudo/NEWS between versions 1.1 and 1.1.1.2

version 1.1, 2012/02/21 16:23:01 version 1.1.1.2, 2012/05/29 12:26:48
Line 1 Line 1
   What's new in Sudo 1.8.5p1?
   
    * Fixed a bug that prevented files in an include directory from
      being evaluated.
   
   What's new in Sudo 1.8.5?
   
    * When "noexec" is enabled, sudo_noexec.so will now be prepended
      to any existing LD_PRELOAD variable instead of replacing it.
   
    * The sudo_noexec.so shared library now wraps the execvpe(),
      exect(), posix_spawn() and posix_spawnp() functions.
   
    * The user/group/mode checks on sudoers files have been relaxed.
      As long as the file is owned by the sudoers uid, not world-writable
      and not writable by a group other than the sudoers gid, the file
      is considered OK.  Note that visudo will still set the mode to
      the value specified at configure time.
   
    * It is now possible to specify the sudoers path, uid, gid and
      file mode as options to the plugin in the sudo.conf file.
   
    * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
      translations from translationproject.org.
   
    * /etc/environment is no longer read directly on Linux systems
      when PAM is used.  Sudo now merges the PAM environment into the
      user's environment which is typically set by the pam_env module.
   
    * The initial evironment created when env_reset is in effect now
      includes the contents of /etc/environment on AIX systems and the
      "setenv" and "path" entries from /etc/login.conf on BSD systems.
   
    * The plugin API has been extended in three ways.  First, options
      specified in sudo.conf after the plugin pathname are passed to
      the plugin's open function.  Second, sudo has limited support
      for hooks that can be used by plugins.  Currently, the hooks are
      limited to environment handling functions.  Third, the init_session
      policy plugin function is passed a pointer to the user environment
      which can be updated during session setup.  The plugin API version
      has been incremented to version 1.2.  See the sudo_plugin manual
      for more information.
   
    * The policy plugin's init_session function is now called by the
      parent sudo process, not the child process that executes the
      command.  This allows the PAM session to be open and closed in
      the same process, which some PAM modules require.
   
    * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
      which was broken in version 1.8.4.
   
    * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
      file is now uses to determine the controlling terminal, if possible.
      This allows tty-based tickets to work properly even when, e.g.
      standard input, output and error are redirected to /dev/null.
   
    * The output of "sudoreplay -l" is now sorted by file name (or
      sequence number).  Previously, entries were displayed in the
      order in which they were found on the file system.
   
    * Sudo now behaves properly when I/O logging is enabled and the
      controlling terminal is revoked (e.g. the running sshd is killed).
      Previously, sudo may have exited without calling the I/O plugin's
      close function which can lead to an incomplete I/O log.
   
    * Sudo can now detect when a user has logged out and back in again
      on Solaris 11, just like it can on Solaris 10.
   
    * The built-in zlib included with Sudo has been upgraded to version
      1.2.6.
   
    * Setting the SSL parameter to start_tls in ldap.conf now works
      properly when using Mozilla-based SDKs that support the
      ldap_start_tls_s() function.
   
    * The TLS_CHECKPEER parameter in ldap.conf now works when the
      Mozilla NSS crypto backend is used with OpenLDAP.
   
    * A new group provider plugin, system_group, is included which
      performs group look ups by name using the system groups database.
      This can be used to restore the pre-1.7.3 sudo group lookup
      behavior.
   
   What's new in Sudo 1.8.4p5?
   
    * Fixed a bug when matching against an IP address with an associated
      netmask in the sudoers file.  In certain circumstances, this
      could allow users to run commands on hosts they are not authorized
      for.
   
   What's new in Sudo 1.8.4p4?
   
    * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
      from working.
   
   What's new in Sudo 1.8.4p3?
   
    * Fixed a crash on FreeBSD when no tty is present.
   
    * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
      specify environment variables to set on the command line without
      having sudo "ALL" permissions or the "SETENV" tag.
   
    * When visudo is run with the -c (check) option, the sudoers
      file(s) owner and mode are now also checked unless the -f option
      was specified.
   
   What's new in Sudo 1.8.4p2?
   
    * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
      was allocated for group IDs in the LDAP filter.
   
    * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
      was "/sudo.conf" instead of "/etc/sudo.conf".
   
    * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
      when I/O logging is enabled and input is from a pipe or file.
   
   What's new in Sudo 1.8.4p1?
   
    * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
      deleting from the env_keep, env_check and env_delete lists in
      sudoers on some platforms.
   
   What's new in Sudo 1.8.4?
   
    * The -D flag in sudo has been replaced with a more general debugging
      framework that is configured in sudo.conf.
   
    * Fixed a false positive in visudo strict mode when aliases are
      in use.
   
    * Fixed a crash with "sudo -i" when a runas group was specified
      without a runas user.
   
    * The line on which a syntax error is reported in the sudoers file
      is now more accurate.  Previously it was often off by a line.
   
    * Fixed a bug where stack garbage could be printed at the end of
      the lecture when the "lecture_file" option was enabled.
   
    * "make install" now honors the LINGUAS environment variable.
   
    * The #include and #includedir directives in sudoers now support
      relative paths.  If the path is not fully qualified it is expected
      to be located in the same directory of the sudoers file that is
      including it.
   
    * Serbian and Spanish translations for sudo from translationproject.org.
   
    * LDAP-based sudoers may now access by group ID in addition to
      group name.
   
    * visudo will now fix the mode on the sudoers file even if no changes
      are made unless the -f option is specified.
   
    * The "use_loginclass" sudoers option works properly again.
   
    * On systems that use login.conf, "sudo -i" now sets environment
      variables based on login.conf.
   
    * For LDAP-based sudoers, values in the search expression are now
      escaped as per RFC 4515.
   
    * The plugin close function is now properly called when a login
      session is killed (as opposed to the actual command being killed).
      This can happen when an ssh session is disconnected or the
      terminal window is closed.
   
    * The deprecated "noexec_file" sudoers option is no longer supported.
   
    * Fixed a race condition when I/O logging is not enabled that could
      result in tty-generated signals (e.g. control-C) being received
      by the command twice.
   
    * If none of the standard input, output or error are connected to
      a tty device, sudo will now check its parent's standard input,
      output or error for the tty name on systems with /proc and BSD
      systems that support the KERN_PROC_PID sysctl.  This allows
      tty-based tickets to work properly even when, e.g. standard
      input, output and error are redirected to /dev/null.
   
    * Added the --enable-kerb5-instance configure option to allow
      people using Kerberos V authentication to specify a custom
      instance so the principal name can be, e.g. "username/sudo"
      similar to how ksu uses "username/root".
   
    * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
      the results, which would be incorrectly be interpreted as if the
      sudoers file had specified a directory.
   
    * "visudo -c" will now list any include files that were checked
      in addition to the main sudoers file when everything parses OK.
   
    * Users that only have read-only access to the sudoers file may
      now run "visudo -c".  Previously, write permissions were required
      even though no writing is down in check-only mode.
   
    * It is now possible to prevent the disabling of core dumps from
      within sudo itself by adding a line to the sudo.conf file like
      "Set disable_coredump false".
   
 What's new in Sudo 1.8.3p2?  What's new in Sudo 1.8.3p2?
   
  * Fixed a format string vulnerability when the sudo binary (or a   * Fixed a format string vulnerability when the sudo binary (or a
Line 80  What's new in Sudo 1.8.2? Line 282  What's new in Sudo 1.8.2?
  * Visudo now checks the contents of an alias and warns about cycles   * Visudo now checks the contents of an alias and warns about cycles
    when the alias is expanded.     when the alias is expanded.
   
 * If the user specifes a group via sudo's -g option that matches * If the user specifies a group via sudo's -g option that matches
    the target user's group in the password database, it is now     the target user's group in the password database, it is now
    allowed even if no groups are present in the Runas_Spec.     allowed even if no groups are present in the Runas_Spec.
   

Removed from v.1.1  
changed lines
  Added in v.1.1.1.2


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>