Diff for /embedaddon/sudo/NEWS between versions 1.1.1.2 and 1.1.1.3

version 1.1.1.2, 2012/05/29 12:26:48 version 1.1.1.3, 2012/10/09 09:29:52
Line 1 Line 1
   What's new in Sudo 1.8.6p3?
   
    * Fixed post-processing of the man pages on systems with legacy
      versions of sed.
   
    * Fixed "sudoreplay -l" on Linux systems with file systems that
      set DT_UNKNOWN in the d_type field of struct dirent.
   
   What's new in Sudo 1.8.6p2?
   
    * Fixed suspending a command after it has already been resumed
      once when I/O logging (or use_pty) is not enabled.
      This was a regression introduced in version 1.8.6.
   
   What's new in Sudo 1.8.6p1?
   
    * Fixed the setting of LOGNAME, USER and USERNAME variables in the
      command's environment when env_reset is enabled (the default).
      This was a regression introduced in version 1.8.6.
   
    * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
   
   What's new in Sudo 1.8.6?
   
    * Sudo is now built with the -fstack-protector flag if the the
      compiler supports it.  Also, the -zrelro linker flag is used if
      supported.  The --disable-hardening configure option can be used
      to build sudo without stack smashing protection.
   
    * Sudo is now built as a Position Independent Executable (PIE)
      if supported by the compiler and linker.
   
    * If the user is a member of the "exempt" group in sudoers, they
      will no longer be prompted for a password even if the -k flag
      is specified with the command.  This makes "sudo -k command"
      consistent with the behavior one would get if the user ran "sudo
      -k" immediately before running the command.
   
    * The sudoers file may now be a symbolic link.  Previously, sudo
      would refuse to read sudoers unless it was a regular file.
   
    * The sudoreplay command can now properly replay sessions where
      no tty was present.
   
    * The sudoers plugin now takes advantage of symbol visibility
      controls when supported by the compiler or linker.  As a result,
      only a small number of symbols are exported which significantly
      reduces the chances of a conflict with other shared objects.
   
    * Improved support for the Tivoli Directory Server LDAP client
      libraries.  This includes support for using LDAP over SSL (ldaps)
      as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
      ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
      used to specify a password to decrypt the key database.
   
    * When constructing a time filter for use with LDAP sudoNotBefore    
      and sudoNotAfter attributes, the current time now includes tenths
      of a second.  This fixes a problem with timed entries on Active
      Directory.
   
    * If a user fails to authenticate and the command would be rejected
      by sudoers, it is now logged with "command not allowed" instead
      of "N incorrect password attempts".  Likewise, the "mail_no_perms"
      sudoers option now takes precedence over "mail_badpass".
   
    * The sudo manuals are now formatted using the mdoc macros.  Versions
      using the legacy man macros are provided for systems that lack mdoc.
   
    * New support for Solaris privilege sets.  This makes it possible
      to specify fine-grained privileges in the sudoers file on Solaris
      10 and above.  A Runas_Spec that contains no Runas_Lists can be
      used to give a user the ability to run a command as themselves
      but with an expanded privilege set.
   
    * Fixed a problem with the reboot and shutdown commands on some
      systems (such as HP-UX and BSD).  On these systems, reboot sends
      all processes (except itself) SIGTERM.  When sudo received
      SIGTERM, it would relay it to the reboot process, thus killing
      reboot before it had a chance to actually reboot the system.
   
    * Support for using the System Security Services Daemon (SSSD) as
      a source of sudoers data.
   
    * Slovenian translation for sudo and sudoers from translationproject.org.
   
    * Visudo will now warn about unknown Defaults entries that are
      per-host, per-user, per-runas or per-command.
   
    * Fixed a race condition that could cause sudo to receive SIGTTOU
      (and stop) when resuming a shell that was run via sudo when I/O
      logging (and use_pty) is not enabled.
   
    * Sending SIGTSTP directly to the sudo process will now suspend the
      running command when I/O logging (and use_pty) is not enabled.
   
   What's new in Sudo 1.8.5p3?
   
    * Fixed the loading of I/O plugins that conform to a plugin API
      version older than 1.2.
   
   What's new in Sudo 1.8.5p2?
   
    * Fixed use of the SUDO_ASKPASS environment variable which was
      broken in Sudo 1.8.5.
   
    * Fixed a problem reading the sudoers file when the file mode is
      more restrictive than the expected mode.  For example, when the
      expected sudoers file mode is 0440 but the actual mode is 0400.
   
 What's new in Sudo 1.8.5p1?  What's new in Sudo 1.8.5p1?
   
  * Fixed a bug that prevented files in an include directory from   * Fixed a bug that prevented files in an include directory from

Removed from v.1.1.1.2  
changed lines
  Added in v.1.1.1.3


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>