| version 1.1.1.4, 2013/07/22 10:46:10 | version 1.1.1.6, 2014/06/15 16:12:53 |
|---|---|
| Line 1 | Line 1 |
| What's new in Sudo 1.8.10p3? | |
| * Fixed expansion of %p in the prompt for "sudo -l" when rootpw, | |
| runaspw or targetpw is set. Bug #639 | |
| * Fixed matching of uids and gids which was broken in version 1.8.9. | |
| Bug #640 | |
| * PAM credential initialization has been re-enabled. It was | |
| unintentionally disabled by default in version 1.8.8. The way | |
| credentials are initialized has also been fixed. Bug #642. | |
| * Fixed a descriptor leak on Linux when determing boot time. Sudo | |
| normally closes extra descriptors before running a command so | |
| the impact is limited. Bug #645 | |
| * Fixed flushing of the last buffer of data when I/O logging is | |
| enabled. This bug, introduced in version 1.8.9, could cause | |
| incomplete command output on some systems. Bug #646 | |
| What's new in Sudo 1.8.10p2? | |
| * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout | |
| is set to zero. | |
| What's new in Sudo 1.8.10p1? | |
| * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling | |
| of tty-based tickets. | |
| * Fixed a bug with netgated commands in "sudo -l command" that | |
| could cause the command to be listed even when it was explicitly | |
| denied. This only affected list mode when a command was specified. | |
| Bug #636 | |
| What's new in Sudo 1.8.10? | |
| * It is now possible to disable network interface probing in | |
| sudo.conf by changing the value of the probe_interfaces | |
| setting. | |
| * When listing a user's privileges (sudo -l), the sudoers plugin | |
| will now prompt for the user's password even if the targetpw, | |
| rootpw or runaspw options are set. | |
| * The sudoers plugin uses a new format for its time stamp files. | |
| Each user now has a single file which may contain multiple records | |
| when per-tty time stamps are in use (the default). The time | |
| stamps use a monotonic timer where available and are once again | |
| located in a directory under /var/run. The lecture status is | |
| now stored separately from the time stamps in a different directory. | |
| Bug #616 | |
| * sudo's -K option will now remove all of the user's time stamps, | |
| not just the time stamp for the current terminal. The -k option | |
| can be used to only disable time stamps for the current terminal. | |
| * If sudo was started in the background and needed to prompt for | |
| a password, it was not possible to suspend it at the password | |
| prompt. This now works properly. | |
| * LDAP-based sudoers now uses a default search filter of | |
| (objectClass=sudoRole) for more efficient queries. The netgroup | |
| query has been modified to avoid falling below the minimum length | |
| for OpenLDAP substring indices. | |
| * The new "use_netgroups" sudoers option can be used to explicitly | |
| enable or disable netgroups support. For LDAP-based sudoers, | |
| netgroup support requires an expensive substring match on the | |
| server. If netgroups are not needed, this option can be disabled | |
| to reduce the load on the LDAP server. | |
| * Sudo is once again able to open the sudoers file when the group | |
| on sudoers doesn't match the expected value, so long as the file | |
| is not group writable. | |
| * Sudo now installs an init.d script to clear the time stamp | |
| directory at boot time on AIX and HP-UX systems. These systems | |
| either lack /var/run or do not clear it on boot. | |
| * The JSON format used by "visudo -x" now properly supports the | |
| negation operator. In addition, the Options object is now the | |
| same for both Defaults and Cmnd_Specs. | |
| * Czech and Serbian translations for sudoers from translationproject.org. | |
| * Catalan translation for sudo from translationproject.org. | |
| What's new in Sudo 1.8.9p5? | |
| * Fixed a compilation error on AIX when LDAP support is enabled. | |
| * Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. | |
| * Fixed a failed assertion when the "closefrom_override" defaults | |
| setting is enabled in sudoers and sudo's -C flag is used. Bug #633. | |
| What's new in Sudo 1.8.9p4? | |
| * Fixed a bug where sudo could consume large amounts of CPU while | |
| the command was running when I/O logging is not enabled. Bug #631 | |
| * Fixed a bug where sudo would exit with an error when the debug | |
| level is set to util@debug or all@debug and I/O logging is not | |
| enabled. The command would continue runnning after sudo exited. | |
| What's new in Sudo 1.8.9p3? | |
| * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name | |
| from being resolved properly on Linux systems. Bug #630. | |
| What's new in Sudo 1.8.9p2? | |
| * Updated config.guess, config.sub and libtool to support the ppc64le | |
| architecture (IBM PowerPC Little Endian). | |
| What's new in Sudo 1.8.9p1? | |
| * Fixed a problem with gcc 4.8's handling of bit fields that could | |
| lead to the noexec flag being enabled even when it was not | |
| explicitly set. | |
| What's new in Sudo 1.8.9? | |
| * Reworked sudo's main event loop to use a simple event subsystem | |
| using poll(2) or select(2) as the back end. | |
| * It is now possible to statically compile the sudoers plugin into | |
| the sudo binary without disabling shared library support. The | |
| sudo.conf file may still be used to configure other plugins. | |
| * Sudo can now be compiled again with a C preprocessor that does | |
| not support variadic macros. | |
| * Visudo can now export a sudoers file in JSON format using the | |
| new -x flag. | |
| * The locale is now set correctly again for visudo and sudoreplay. | |
| * The plugin API has been extended to allow the plugin to exclude | |
| specific file descriptors from the "closefrom" range. | |
| * There is now a workaround for a Solaris-specific problem where | |
| NOEXEC was overriding traditional root DAC behavior. | |
| * Add user netgroup filtering for SSSD. Previously, rules for | |
| a netgroup were applied to all even when they did not belong | |
| to the specified netgroup. | |
| * On systems with BSD login classes, if the user specified a group | |
| (not a user) to run the command as, it was possible to specify | |
| a different login class even when the command was not run as the | |
| super user. | |
| * The closefrom() emulation on Mac OS X now uses /dev/fd if possible. | |
| * Fixed a bug where sudoedit would not update the original file | |
| from the temporary when PAM or I/O logging is not enabled. | |
| * When recycling I/O logs, the log files are now truncated properly. | |
| * Fixes bugs #617, #621, #622, #623, #624, #625, #626 | |
| What's new in Sudo 1.8.8? | |
| * Removed a warning on PAM systems with stacked auth modules | |
| where the first module on the stack does not succeed. | |
| * Sudo, sudoreplay and visudo now support GNU-style long options. | |
| * The -h (--host) option may now be used to specify a host name. | |
| This is currently only used by the sudoers plugin in conjunction | |
| with the -l (--list) option. | |
| * Program usage messages and manual SYNOPSIS sections have been | |
| simplified. | |
| * Sudo's LDAP SASL support now works properly with Kerberos. | |
| Previously, the SASL library was unable to locate the user's | |
| credential cache. | |
| * It is now possible to set the nproc resource limit to unlimited | |
| via pam_limits on Linux (bug #565). | |
| * New "pam_service" and "pam_login_service" sudoers options | |
| that can be used to specify the PAM service name to use. | |
| * New "pam_session" and "pam_setcred" sudoers options that | |
| can be used to disable PAM session and credential support. | |
| * The sudoers plugin now properly supports UIDs and GIDs | |
| that are larger than 0x7fffffff on 32-bit platforms. | |
| * Fixed a visudo bug introduced in sudo 1.8.7 where per-group | |
| Defaults entries would cause an internal error. | |
| * If the "tty_tickets" sudoers option is enabled (the default), | |
| but there is no tty present, sudo will now use a ticket file | |
| based on the parent process ID. This makes it possible to support | |
| the normal timeout behavior for the session. | |
| * Fixed a problem running commands that change their process | |
| group and then attempt to change the terminal settings when not | |
| running the command in a pseudo-terminal. Previously, the process | |
| would receive SIGTTOU since it was effectively a background | |
| process. Sudo will now grant the child the controlling tty and | |
| continue it when this happens. | |
| * The "closefrom_override" sudoers option may now be used in | |
| a command-specified Defaults entry (bug #610). | |
| * Sudo's BSM audit support now works on Solaris 11. | |
| * Brazilian Portuguese translation for sudo and sudoers from | |
| translationproject.org. | |
| * Czech translation for sudo from translationproject.org. | |
| * French translation for sudo from translationproject.org. | |
| * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic | |
| symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1 | |
| which causes issues with some programs. | |
| * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6. | |
| * Root may no longer change its SELinux role without entering | |
| a password. | |
| * Fixed a bug introduced in Sudo 1.8.7 where the indexes written | |
| to the I/O log timing file are two greater than they should be. | |
| Sudoreplay now contains a work-around to parse those files. | |
| * In sudoreplay's list mode, the "this" qualifier in "fromdate" | |
| or "todate" expressions now behaves more sensibly. Previously, | |
| it would often match a date that was "one more" than expected. | |
| For example, "this week" now matches the current week instead | |
| of the following week. | |
| What's new in Sudo 1.8.7? | What's new in Sudo 1.8.7? |
| * The non-Unix group plugin is now supported when sudoers data | * The non-Unix group plugin is now supported when sudoers data |
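Review bot: the 1.8.9 entry beginning "On systems with BSD login classes" states only the previous behaviour ("it was possible to specify a different login class even when the command was not run as the super user") and never says what sudo does now; since this reads as a privilege-relevant fix, add a closing sentence stating the new behaviour, as the SSSD netgroup entry above it does. The added text also carries typos that should be fixed before commit: "determing" (1.8.10p3), "runnning" (1.8.9p4) and "netgated commands" (1.8.10p1, presumably "negated"), and the "Bug #NNN" references are punctuated inconsistently (with and without a trailing period).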
| Line 18 What's new in Sudo 1.8.7? | Line 257 What's new in Sudo 1.8.7? |
| run the command without read access to the terminal when running | run the command without read access to the terminal when running |
| a command in a pseudo-tty. If the command tries to read from | a command in a pseudo-tty. If the command tries to read from |
| the terminal it will be stopped by the kernel (via SIGTTIN or | the terminal it will be stopped by the kernel (via SIGTTIN or |
| SIGTTOU) and sudo will immediately restart it as the forground | SIGTTOU) and sudo will immediately restart it as the foreground |
| process (if possible). This allows sudo to only pass terminal | process (if possible). This allows sudo to only pass terminal |
| input to the program if the program actually is expecting it. | input to the program if the program actually is expecting it. |
| Unfortunately, a few poorly-behaved programs (like "su" on most | Unfortunately, a few poorly-behaved programs (like "su" on most |
| Line 37 What's new in Sudo 1.8.7? | Line 276 What's new in Sudo 1.8.7? |
| determined. Legal values are "static" (use the kernel groups | determined. Legal values are "static" (use the kernel groups |
| list), "dynamic" (perform a group database query) and "adaptive" | list), "dynamic" (perform a group database query) and "adaptive" |
| (only perform a group database query if the kernel list is full). | (only perform a group database query if the kernel list is full). |
| The "max_groups" specifies the maximum number of groups a user may | The "max_groups" setting specifies the maximum number of groups |
| belong to when performing a group database query. | a user may belong to when performing a group database query. |
| * The sudo.conf file now supports line continuation by using a | * The sudo.conf file now supports line continuation by using a |
| backslash as the last character on the line. | backslash as the last character on the line. |
| * There is now a standalone sudo.conf manual page. | * There is now a standalone sudo.conf manual page. |
| * Sudo now stores its libexec files in a "sudo" subdirectory instead | * Sudo now stores its libexec files in a "sudo" sub-directory instead |
| of in libexec itself. For backwards compatibility, if the plugin | of in libexec itself. For backwards compatibility, if the plugin |
| is not found in the default plugin directory, sudo will check | is not found in the default plugin directory, sudo will check |
| the parent directory if the default directory ends in "/sudo". | the parent directory if the default directory ends in "/sudo". |