version 1.1.1.5, 2013/10/14 07:56:33
|
version 1.1.1.6, 2014/06/15 16:12:53
|
Line 1
|
Line 1
|
|
What's new in Sudo 1.8.10p3? |
|
|
|
* Fixed expansion of %p in the prompt for "sudo -l" when rootpw, |
|
runaspw or targetpw is set. Bug #639 |
|
|
|
* Fixed matching of uids and gids which was broken in version 1.8.9. |
|
Bug #640 |
|
|
|
* PAM credential initialization has been re-enabled. It was |
|
unintentionally disabled by default in version 1.8.8. The way |
|
credentials are initialized has also been fixed. Bug #642. |
|
|
|
* Fixed a descriptor leak on Linux when determing boot time. Sudo |
|
normally closes extra descriptors before running a command so |
|
the impact is limited. Bug #645 |
|
|
|
* Fixed flushing of the last buffer of data when I/O logging is |
|
enabled. This bug, introduced in version 1.8.9, could cause |
|
incomplete command output on some systems. Bug #646 |
|
|
|
What's new in Sudo 1.8.10p2? |
|
|
|
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout |
|
is set to zero. |
|
|
|
What's new in Sudo 1.8.10p1? |
|
|
|
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling |
|
of tty-based tickets. |
|
|
|
* Fixed a bug with netgated commands in "sudo -l command" that |
|
could cause the command to be listed even when it was explicitly |
|
denied. This only affected list mode when a command was specified. |
|
Bug #636 |
|
|
|
What's new in Sudo 1.8.10? |
|
|
|
* It is now possible to disable network interface probing in |
|
sudo.conf by changing the value of the probe_interfaces |
|
setting. |
|
|
|
* When listing a user's privileges (sudo -l), the sudoers plugin |
|
will now prompt for the user's password even if the targetpw, |
|
rootpw or runaspw options are set. |
|
|
|
* The sudoers plugin uses a new format for its time stamp files. |
|
Each user now has a single file which may contain multiple records |
|
when per-tty time stamps are in use (the default). The time |
|
stamps use a monotonic timer where available and are once again |
|
located in a directory under /var/run. The lecture status is |
|
now stored separately from the time stamps in a different directory. |
|
Bug #616 |
|
|
|
* sudo's -K option will now remove all of the user's time stamps, |
|
not just the time stamp for the current terminal. The -k option |
|
can be used to only disable time stamps for the current terminal. |
|
|
|
* If sudo was started in the background and needed to prompt for |
|
a password, it was not possible to suspend it at the password |
|
prompt. This now works properly. |
|
|
|
* LDAP-based sudoers now uses a default search filter of |
|
(objectClass=sudoRole) for more efficient queries. The netgroup |
|
query has been modified to avoid falling below the minimum length |
|
for OpenLDAP substring indices. |
|
|
|
* The new "use_netgroups" sudoers option can be used to explicitly |
|
enable or disable netgroups support. For LDAP-based sudoers, |
|
netgroup support requires an expensive substring match on the |
|
server. If netgroups are not needed, this option can be disabled |
|
to reduce the load on the LDAP server. |
|
|
|
* Sudo is once again able to open the sudoers file when the group |
|
on sudoers doesn't match the expected value, so long as the file |
|
is not group writable. |
|
|
|
* Sudo now installs an init.d script to clear the time stamp |
|
directory at boot time on AIX and HP-UX systems. These systems |
|
either lack /var/run or do not clear it on boot. |
|
|
|
* The JSON format used by "visudo -x" now properly supports the |
|
negation operator. In addition, the Options object is now the |
|
same for both Defaults and Cmnd_Specs. |
|
|
|
* Czech and Serbian translations for sudoers from translationproject.org. |
|
|
|
* Catalan translation for sudo from translationproject.org. |
|
|
|
What's new in Sudo 1.8.9p5? |
|
|
|
* Fixed a compilation error on AIX when LDAP support is enabled. |
|
|
|
* Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. |
|
|
|
* Fixed a failed assertion when the "closefrom_override" defaults |
|
setting is enabled in sudoers and sudo's -C flag is used. Bug #633. |
|
|
|
What's new in Sudo 1.8.9p4? |
|
|
|
* Fixed a bug where sudo could consume large amounts of CPU while |
|
the command was running when I/O logging is not enabled. Bug #631 |
|
|
|
* Fixed a bug where sudo would exit with an error when the debug |
|
level is set to util@debug or all@debug and I/O logging is not |
|
enabled. The command would continue runnning after sudo exited. |
|
|
|
What's new in Sudo 1.8.9p3? |
|
|
|
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name |
|
from being resolved properly on Linux systems. Bug #630. |
|
|
|
What's new in Sudo 1.8.9p2? |
|
|
|
* Updated config.guess, config.sub and libtool to support the ppc64le |
|
architecture (IBM PowerPC Little Endian). |
|
|
|
What's new in Sudo 1.8.9p1? |
|
|
|
* Fixed a problem with gcc 4.8's handling of bit fields that could |
|
lead to the noexec flag being enabled even when it was not |
|
explicitly set. |
|
|
|
What's new in Sudo 1.8.9? |
|
|
|
* Reworked sudo's main event loop to use a simple event subsystem |
|
using poll(2) or select(2) as the back end. |
|
|
|
* It is now possible to statically compile the sudoers plugin into |
|
the sudo binary without disabling shared library support. The |
|
sudo.conf file may still be used to configure other plugins. |
|
|
|
* Sudo can now be compiled again with a C preprocessor that does |
|
not support variadic macros. |
|
|
|
* Visudo can now export a sudoers file in JSON format using the |
|
new -x flag. |
|
|
|
* The locale is now set correctly again for visudo and sudoreplay. |
|
|
|
* The plugin API has been extended to allow the plugin to exclude |
|
specific file descriptors from the "closefrom" range. |
|
|
|
* There is now a workaround for a Solaris-specific problem where |
|
NOEXEC was overriding traditional root DAC behavior. |
|
|
|
* Add user netgroup filtering for SSSD. Previously, rules for |
|
a netgroup were applied to all even when they did not belong |
|
to the specified netgroup. |
|
|
|
* On systems with BSD login classes, if the user specified a group |
|
(not a user) to run the command as, it was possible to specify |
|
a different login class even when the command was not run as the |
|
super user. |
|
|
|
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible. |
|
|
|
* Fixed a bug where sudoedit would not update the original file |
|
from the temporary when PAM or I/O logging is not enabled. |
|
|
|
* When recycling I/O logs, the log files are now truncated properly. |
|
|
|
* Fixes bugs #617, #621, #622, #623, #624, #625, #626 |
|
|
What's new in Sudo 1.8.8? |
What's new in Sudo 1.8.8? |
|
|
* Removed a warning on PAM systems with stacked auth modules |
* Removed a warning on PAM systems with stacked auth modules |