Diff for /embedaddon/sudo/NEWS between versions 1.1 and 1.1.1.5

version 1.1, 2012/02/21 16:23:01 version 1.1.1.5, 2013/10/14 07:56:33
Line 1 Line 1
   What's new in Sudo 1.8.8?
   
    * Removed a warning on PAM systems with stacked auth modules
      where the first module on the stack does not succeed.
   
    * Sudo, sudoreplay and visudo now support GNU-style long options.
   
    * The -h (--host) option may now be used to specify a host name.
      This is currently only used by the sudoers plugin in conjunction
      with the -l (--list) option.
   
    * Program usage messages and manual SYNOPSIS sections have been
      simplified.
   
    * Sudo's LDAP SASL support now works properly with Kerberos.
      Previously, the SASL library was unable to locate the user's
      credential cache.
   
    * It is now possible to set the nproc resource limit to unlimited
      via pam_limits on Linux (bug #565).
   
    * New "pam_service" and "pam_login_service" sudoers options
      that can be used to specify the PAM service name to use.
   
    * New "pam_session" and "pam_setcred" sudoers options that
      can be used to disable PAM session and credential support.
   
    * The sudoers plugin now properly supports UIDs and GIDs
      that are larger than 0x7fffffff on 32-bit platforms.
   
    * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
      Defaults entries would cause an internal error.
   
    * If the "tty_tickets" sudoers option is enabled (the default),
      but there is no tty present, sudo will now use a ticket file
      based on the parent process ID.  This makes it possible to support
      the normal timeout behavior for the session.
   
    * Fixed a problem running commands that change their process
      group and then attempt to change the terminal settings when not
      running the command in a pseudo-terminal.  Previously, the process
      would receive SIGTTOU since it was effectively a background
      process.  Sudo will now grant the child the controlling tty and
      continue it when this happens.
   
    * The "closefrom_override" sudoers option may now be used in
      a command-specified Defaults entry (bug #610).
   
    * Sudo's BSM audit support now works on Solaris 11.
   
    * Brazilian Portuguese translation for sudo and sudoers from
      translationproject.org.
   
    * Czech translation for sudo from translationproject.org.
   
    * French translation for sudo from translationproject.org.
   
    * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
      symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
      which causes issues with some programs.
   
    * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
   
    * Root may no longer change its SELinux role without entering
      a password.
   
    * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
      to the I/O log timing file are two greater than they should be.
      Sudoreplay now contains a work-around to parse those files.
   
    * In sudoreplay's list mode, the "this" qualifier in "fromdate"
      or "todate" expressions now behaves more sensibly.  Previously,
      it would often match a date that was "one more" than expected.
      For example, "this week" now matches the current week instead
      of the following week.
   
   What's new in Sudo 1.8.7?
   
    * The non-Unix group plugin is now supported when sudoers data
      is stored in LDAP.
   
    * Sudo now uses a workaround for a locale bug on Solaris 11.0
      that prevents setuid programs like sudo from fully using locales.
   
    * User messages are now always displayed in the user's locale,
      even when the same message is being logged or mailed in a
      different locale.
   
    * Log files created by sudo now explicitly have the group set
      to group ID 0 rather than relying on BSD group semantics (which
      may not be the default).
   
    * A new "exec_background" sudoers option can be used to initially
      run the command without read access to the terminal when running
      a command in a pseudo-tty.  If the command tries to read from
      the terminal it will be stopped by the kernel (via SIGTTIN or
      SIGTTOU) and sudo will immediately restart it as the foreground
      process (if possible).  This allows sudo to only pass terminal
      input to the program if the program actually is expecting it.
      Unfortunately, a few poorly-behaved programs (like "su" on most
      Linux systems) do not handle SIGTTIN and SIGTTOU properly.
   
    * Sudo now uses an efficient group query to get all the groups
      for a user instead of iterating over every record in the group
      database on HP-UX and Solaris.
   
    * Sudo now produces better error messages when there is an error
      in the sudo.conf file.
   
    * Two new settings have been added to sudo.conf to give the admin
      better control of how group database queries are performed.  The
      "group_source" specifies how the group list for a user will be
      determined.  Legal values are "static" (use the kernel groups
      list), "dynamic" (perform a group database query) and "adaptive"
      (only perform a group database query if the kernel list is full).
      The "max_groups" setting specifies the maximum number of groups
      a user may belong to when performing a group database query.
   
    * The sudo.conf file now supports line continuation by using a
      backslash as the last character on the line.
   
    * There is now a standalone sudo.conf manual page.
   
    * Sudo now stores its libexec files in a "sudo" sub-directory instead
      of in libexec itself. For backwards compatibility, if the plugin
      is not found in the default plugin directory, sudo will check
      the parent directory if the default directory ends in "/sudo".
   
    * The sudoers I/O logging plugin now logs the terminal size.
   
    * A new sudoers option "maxseq" can be used to limit the number of
      I/O log entries that are stored.
   
    * The "system_group" and "group_file" sudoers group provider plugins
      are now installed by default.
   
    * The list output (sudo -l) output from the sudoers plugin is now
      less ambiguous when an entry includes different runas users.
      The long list output (sudo -ll) for file-based sudoers is now
      more consistent with the format of LDAP-based sudoers.
   
    * A uid may now be used in the sudoRunAsUser attributes for LDAP
      sudoers.
   
    * Minor plugin API change: the close and version functions are now
      optional.  If the policy plugin does not provide a close function
      and the command is not being run in a new pseudo-tty, sudo may
      now execute the command directly instead of in a child process.
   
    * A new sudoers option "pam_session" can be used to disable sudo's
      PAM session support.
   
    * On HP-UX systems, sudo will now use the pstat() function to
      determine the tty instead of ttyname().
   
    * Turkish translation for sudo and sudoers from translationproject.org.
   
    * Dutch translation for sudo and sudoers from translationproject.org.
   
    * Tivoli Directory Server client libraries may now be used with
      HP-UX where libibmldap has a hidden dependency on libCsup.
   
    * The sudoers plugin will now ignore invalid domain names when
      checking netgroup membership.  Most Linux systems use the string
      "(none)" for the NIS-style domain name instead of an empty string.
   
    * New support for specifying a SHA-2 digest along with the command
      in sudoers.  Supported hash types are sha224, sha256, sha384 and
      sha512.  See the description of Digest_Spec in the sudoers manual
      or the description of sudoCommand in the sudoers.ldap manual for
      details.
   
    * The paths to ldap.conf and ldap.secret may now be specified as
      arguments to the sudoers plugin in the sudo.conf file.
   
    * Fixed potential false positives in visudo's alias cycle detection.
   
    * Fixed a problem where the time stamp file was being treated
      as out of date on Linux systems where the change time on the
      pseudo-tty device node can change after it is allocated.
   
    * Sudo now only builds Position Independent Executables (PIE)
      by default on Linux systems and verifies that a trivial test
      program builds and runs.
   
    * On Solaris 11.1 and higher, sudo binaries will now have the
      ASLR tag enabled if supported by the linker.
   
   What's new in Sudo 1.8.6p8?
   
    * Terminal detection now works properly on 64-bit AIX kernels.
      This was broken by the removal of the ttyname() fallback in Sudo
      1.8.6p6.  Sudo is now able to map an AIX 64-bit device number
      to the corresponding device file in /dev.
   
    * Sudo now checks for crypt() returning NULL when performing
      passwd-based authentication.
   
   What's new in Sudo 1.8.6p7?
   
    * A time stamp file with the date set to the epoch by "sudo -k"
      is now completely ignored regardless of what the local clock is
      set to.  Previously, if the local clock was set to a value between
      the epoch and the time stamp timeout value, a time stamp reset
      by "sudo -k" would be considered current.
   
    * The tty-specific time stamp file now includes the session ID
      of the sudo process that created it.  If a process with the same
      tty but a different session ID runs sudo, the user will now be
      prompted for a password (assuming authentication is required for
      the command).
   
   What's new in Sudo 1.8.6p6?
   
    * On systems where the controlling tty can be determined via /proc
      or sysctl(), sudo will no longer fall back to using ttyname()
      if the process has no controlling tty.  This prevents sudo from
      using a non-controlling tty for logging and time stamp purposes.
   
   What's new in Sudo 1.8.6p5?
   
    * Fixed a potential crash in visudo's alias cycle detection.
   
    * Improved performance on Solaris when retrieving the group list
      for the target user.  On systems with a large number of groups
      where the group database is not local (NIS, LDAP, AD), fetching
      the group list could take a minute or more.
   
   What's new in Sudo 1.8.6p4?
   
    * The -fstack-protector is now used when linking visudo, sudoreplay
      and testsudoers.
   
    * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
      properly.
   
    * Fixed a crash in visudo strict mode when an unknown Defaults
      setting is encountered.
   
    * Do not inform the user that the command was not permitted by the
      policy if they do not successfully authenticate. This is a
      regression introduced in sudo 1.8.6.
   
    * Allow sudo to be build with sss support without also including
      ldap support.
   
    * Fix running commands that need the terminal in the background
      when I/O logging is enabled. E.g. "sudo vi &". When the command
      is foregrounded, it will now resume properly.
   
   What's new in Sudo 1.8.6p3?
   
    * Fixed post-processing of the man pages on systems with legacy
      versions of sed.
   
    * Fixed "sudoreplay -l" on Linux systems with file systems that
      set DT_UNKNOWN in the d_type field of struct dirent.
   
   What's new in Sudo 1.8.6p2?
   
    * Fixed suspending a command after it has already been resumed
      once when I/O logging (or use_pty) is not enabled.
      This was a regression introduced in version 1.8.6.
   
   What's new in Sudo 1.8.6p1?
   
    * Fixed the setting of LOGNAME, USER and USERNAME variables in the
      command's environment when env_reset is enabled (the default).
      This was a regression introduced in version 1.8.6.
   
    * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
   
   What's new in Sudo 1.8.6?
   
    * Sudo is now built with the -fstack-protector flag if the the
      compiler supports it.  Also, the -zrelro linker flag is used if
      supported.  The --disable-hardening configure option can be used
      to build sudo without stack smashing protection.
   
    * Sudo is now built as a Position Independent Executable (PIE)
      if supported by the compiler and linker.
   
    * If the user is a member of the "exempt" group in sudoers, they
      will no longer be prompted for a password even if the -k flag
      is specified with the command.  This makes "sudo -k command"
      consistent with the behavior one would get if the user ran "sudo
      -k" immediately before running the command.
   
    * The sudoers file may now be a symbolic link.  Previously, sudo
      would refuse to read sudoers unless it was a regular file.
   
    * The sudoreplay command can now properly replay sessions where
      no tty was present.
   
    * The sudoers plugin now takes advantage of symbol visibility
      controls when supported by the compiler or linker.  As a result,
      only a small number of symbols are exported which significantly
      reduces the chances of a conflict with other shared objects.
   
    * Improved support for the Tivoli Directory Server LDAP client
      libraries.  This includes support for using LDAP over SSL (ldaps)
      as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
      ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
      used to specify a password to decrypt the key database.
   
    * When constructing a time filter for use with LDAP sudoNotBefore
      and sudoNotAfter attributes, the current time now includes tenths
      of a second.  This fixes a problem with timed entries on Active
      Directory.
   
    * If a user fails to authenticate and the command would be rejected
      by sudoers, it is now logged with "command not allowed" instead
      of "N incorrect password attempts".  Likewise, the "mail_no_perms"
      sudoers option now takes precedence over "mail_badpass".
   
    * The sudo manuals are now formatted using the mdoc macros.  Versions
      using the legacy man macros are provided for systems that lack mdoc.
   
    * New support for Solaris privilege sets.  This makes it possible
      to specify fine-grained privileges in the sudoers file on Solaris
      10 and above.  A Runas_Spec that contains no Runas_Lists can be
      used to give a user the ability to run a command as themselves
      but with an expanded privilege set.
   
    * Fixed a problem with the reboot and shutdown commands on some
      systems (such as HP-UX and BSD).  On these systems, reboot sends
      all processes (except itself) SIGTERM.  When sudo received
      SIGTERM, it would relay it to the reboot process, thus killing
      reboot before it had a chance to actually reboot the system.
   
    * Support for using the System Security Services Daemon (SSSD) as
      a source of sudoers data.
   
    * Slovenian translation for sudo and sudoers from translationproject.org.
   
    * Visudo will now warn about unknown Defaults entries that are
      per-host, per-user, per-runas or per-command.
   
    * Fixed a race condition that could cause sudo to receive SIGTTOU
      (and stop) when resuming a shell that was run via sudo when I/O
      logging (and use_pty) is not enabled.
   
    * Sending SIGTSTP directly to the sudo process will now suspend the
      running command when I/O logging (and use_pty) is not enabled.
   
   What's new in Sudo 1.8.5p3?
   
    * Fixed the loading of I/O plugins that conform to a plugin API
      version older than 1.2.
   
   What's new in Sudo 1.8.5p2?
   
    * Fixed use of the SUDO_ASKPASS environment variable which was
      broken in Sudo 1.8.5.
   
    * Fixed a problem reading the sudoers file when the file mode is
      more restrictive than the expected mode.  For example, when the
      expected sudoers file mode is 0440 but the actual mode is 0400.
   
   What's new in Sudo 1.8.5p1?
   
    * Fixed a bug that prevented files in an include directory from
      being evaluated.
   
   What's new in Sudo 1.8.5?
   
    * When "noexec" is enabled, sudo_noexec.so will now be prepended
      to any existing LD_PRELOAD variable instead of replacing it.
   
    * The sudo_noexec.so shared library now wraps the execvpe(),
      exect(), posix_spawn() and posix_spawnp() functions.
   
    * The user/group/mode checks on sudoers files have been relaxed.
      As long as the file is owned by the sudoers uid, not world-writable
      and not writable by a group other than the sudoers gid, the file
      is considered OK.  Note that visudo will still set the mode to
      the value specified at configure time.
   
    * It is now possible to specify the sudoers path, uid, gid and
      file mode as options to the plugin in the sudo.conf file.
   
    * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
      translations from translationproject.org.
   
    * /etc/environment is no longer read directly on Linux systems
      when PAM is used.  Sudo now merges the PAM environment into the
      user's environment which is typically set by the pam_env module.
   
    * The initial evironment created when env_reset is in effect now
      includes the contents of /etc/environment on AIX systems and the
      "setenv" and "path" entries from /etc/login.conf on BSD systems.
   
    * The plugin API has been extended in three ways.  First, options
      specified in sudo.conf after the plugin pathname are passed to
      the plugin's open function.  Second, sudo has limited support
      for hooks that can be used by plugins.  Currently, the hooks are
      limited to environment handling functions.  Third, the init_session
      policy plugin function is passed a pointer to the user environment
      which can be updated during session setup.  The plugin API version
      has been incremented to version 1.2.  See the sudo_plugin manual
      for more information.
   
    * The policy plugin's init_session function is now called by the
      parent sudo process, not the child process that executes the
      command.  This allows the PAM session to be open and closed in
      the same process, which some PAM modules require.
   
    * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
      which was broken in version 1.8.4.
   
    * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
      file is now uses to determine the controlling terminal, if possible.
      This allows tty-based tickets to work properly even when, e.g.
      standard input, output and error are redirected to /dev/null.
   
    * The output of "sudoreplay -l" is now sorted by file name (or
      sequence number).  Previously, entries were displayed in the
      order in which they were found on the file system.
   
    * Sudo now behaves properly when I/O logging is enabled and the
      controlling terminal is revoked (e.g. the running sshd is killed).
      Previously, sudo may have exited without calling the I/O plugin's
      close function which can lead to an incomplete I/O log.
   
    * Sudo can now detect when a user has logged out and back in again
      on Solaris 11, just like it can on Solaris 10.
   
    * The built-in zlib included with Sudo has been upgraded to version
      1.2.6.
   
    * Setting the SSL parameter to start_tls in ldap.conf now works
      properly when using Mozilla-based SDKs that support the
      ldap_start_tls_s() function.
   
    * The TLS_CHECKPEER parameter in ldap.conf now works when the
      Mozilla NSS crypto backend is used with OpenLDAP.
   
    * A new group provider plugin, system_group, is included which
      performs group look ups by name using the system groups database.
      This can be used to restore the pre-1.7.3 sudo group lookup
      behavior.
   
   What's new in Sudo 1.8.4p5?
   
    * Fixed a bug when matching against an IP address with an associated
      netmask in the sudoers file.  In certain circumstances, this
      could allow users to run commands on hosts they are not authorized
      for.
   
   What's new in Sudo 1.8.4p4?
   
    * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
      from working.
   
   What's new in Sudo 1.8.4p3?
   
    * Fixed a crash on FreeBSD when no tty is present.
   
    * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
      specify environment variables to set on the command line without
      having sudo "ALL" permissions or the "SETENV" tag.
   
    * When visudo is run with the -c (check) option, the sudoers
      file(s) owner and mode are now also checked unless the -f option
      was specified.
   
   What's new in Sudo 1.8.4p2?
   
    * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
      was allocated for group IDs in the LDAP filter.
   
    * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
      was "/sudo.conf" instead of "/etc/sudo.conf".
   
    * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
      when I/O logging is enabled and input is from a pipe or file.
   
   What's new in Sudo 1.8.4p1?
   
    * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
      deleting from the env_keep, env_check and env_delete lists in
      sudoers on some platforms.
   
   What's new in Sudo 1.8.4?
   
    * The -D flag in sudo has been replaced with a more general debugging
      framework that is configured in sudo.conf.
   
    * Fixed a false positive in visudo strict mode when aliases are
      in use.
   
    * Fixed a crash with "sudo -i" when a runas group was specified
      without a runas user.
   
    * The line on which a syntax error is reported in the sudoers file
      is now more accurate.  Previously it was often off by a line.
   
    * Fixed a bug where stack garbage could be printed at the end of
      the lecture when the "lecture_file" option was enabled.
   
    * "make install" now honors the LINGUAS environment variable.
   
    * The #include and #includedir directives in sudoers now support
      relative paths.  If the path is not fully qualified it is expected
      to be located in the same directory of the sudoers file that is
      including it.
   
    * Serbian and Spanish translations for sudo from translationproject.org.
   
    * LDAP-based sudoers may now access by group ID in addition to
      group name.
   
    * visudo will now fix the mode on the sudoers file even if no changes
      are made unless the -f option is specified.
   
    * The "use_loginclass" sudoers option works properly again.
   
    * On systems that use login.conf, "sudo -i" now sets environment
      variables based on login.conf.
   
    * For LDAP-based sudoers, values in the search expression are now
      escaped as per RFC 4515.
   
    * The plugin close function is now properly called when a login
      session is killed (as opposed to the actual command being killed).
      This can happen when an ssh session is disconnected or the
      terminal window is closed.
   
    * The deprecated "noexec_file" sudoers option is no longer supported.
   
    * Fixed a race condition when I/O logging is not enabled that could
      result in tty-generated signals (e.g. control-C) being received
      by the command twice.
   
    * If none of the standard input, output or error are connected to
      a tty device, sudo will now check its parent's standard input,
      output or error for the tty name on systems with /proc and BSD
      systems that support the KERN_PROC_PID sysctl.  This allows
      tty-based tickets to work properly even when, e.g. standard
      input, output and error are redirected to /dev/null.
   
    * Added the --enable-kerb5-instance configure option to allow
      people using Kerberos V authentication to specify a custom
      instance so the principal name can be, e.g. "username/sudo"
      similar to how ksu uses "username/root".
   
    * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
      the results, which would be incorrectly be interpreted as if the
      sudoers file had specified a directory.
   
    * "visudo -c" will now list any include files that were checked
      in addition to the main sudoers file when everything parses OK.
   
    * Users that only have read-only access to the sudoers file may
      now run "visudo -c".  Previously, write permissions were required
      even though no writing is down in check-only mode.
   
    * It is now possible to prevent the disabling of core dumps from
      within sudo itself by adding a line to the sudo.conf file like
      "Set disable_coredump false".
   
 What's new in Sudo 1.8.3p2?  What's new in Sudo 1.8.3p2?
   
  * Fixed a format string vulnerability when the sudo binary (or a   * Fixed a format string vulnerability when the sudo binary (or a
Line 8  What's new in Sudo 1.8.3p1? Line 569  What's new in Sudo 1.8.3p1?
   
  * Fixed a crash in the monitor process on Solaris when NOPASSWD   * Fixed a crash in the monitor process on Solaris when NOPASSWD
    was specified or when authentication was disabled.     was specified or when authentication was disabled.
 
  * Fixed matching of a Runas_Alias in the group section of a   * Fixed matching of a Runas_Alias in the group section of a
    Runas_Spec.     Runas_Spec.
   
Line 80  What's new in Sudo 1.8.2? Line 641  What's new in Sudo 1.8.2?
  * Visudo now checks the contents of an alias and warns about cycles   * Visudo now checks the contents of an alias and warns about cycles
    when the alias is expanded.     when the alias is expanded.
   
 * If the user specifes a group via sudo's -g option that matches * If the user specifies a group via sudo's -g option that matches
    the target user's group in the password database, it is now     the target user's group in the password database, it is now
    allowed even if no groups are present in the Runas_Spec.     allowed even if no groups are present in the Runas_Spec.
   

Removed from v.1.1  
changed lines
  Added in v.1.1.1.5


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>