|
version 1.1.1.5, 2013/10/14 07:56:33
|
version 1.1.1.6, 2014/06/15 16:12:53
|
|
Line 1
|
Line 1
|
| |
What's new in Sudo 1.8.10p3? |
| |
|
| |
* Fixed expansion of %p in the prompt for "sudo -l" when rootpw, |
| |
runaspw or targetpw is set. Bug #639 |
| |
|
| |
* Fixed matching of uids and gids which was broken in version 1.8.9. |
| |
Bug #640 |
| |
|
| |
* PAM credential initialization has been re-enabled. It was |
| |
unintentionally disabled by default in version 1.8.8. The way |
| |
credentials are initialized has also been fixed. Bug #642. |
| |
|
| |
* Fixed a descriptor leak on Linux when determing boot time. Sudo |
| |
normally closes extra descriptors before running a command so |
| |
the impact is limited. Bug #645 |
| |
|
| |
* Fixed flushing of the last buffer of data when I/O logging is |
| |
enabled. This bug, introduced in version 1.8.9, could cause |
| |
incomplete command output on some systems. Bug #646 |
| |
|
| |
What's new in Sudo 1.8.10p2? |
| |
|
| |
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout |
| |
is set to zero. |
| |
|
| |
What's new in Sudo 1.8.10p1? |
| |
|
| |
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling |
| |
of tty-based tickets. |
| |
|
| |
* Fixed a bug with netgated commands in "sudo -l command" that |
| |
could cause the command to be listed even when it was explicitly |
| |
denied. This only affected list mode when a command was specified. |
| |
Bug #636 |
| |
|
| |
What's new in Sudo 1.8.10? |
| |
|
| |
* It is now possible to disable network interface probing in |
| |
sudo.conf by changing the value of the probe_interfaces |
| |
setting. |
| |
|
| |
* When listing a user's privileges (sudo -l), the sudoers plugin |
| |
will now prompt for the user's password even if the targetpw, |
| |
rootpw or runaspw options are set. |
| |
|
| |
* The sudoers plugin uses a new format for its time stamp files. |
| |
Each user now has a single file which may contain multiple records |
| |
when per-tty time stamps are in use (the default). The time |
| |
stamps use a monotonic timer where available and are once again |
| |
located in a directory under /var/run. The lecture status is |
| |
now stored separately from the time stamps in a different directory. |
| |
Bug #616 |
| |
|
| |
* sudo's -K option will now remove all of the user's time stamps, |
| |
not just the time stamp for the current terminal. The -k option |
| |
can be used to only disable time stamps for the current terminal. |
| |
|
| |
* If sudo was started in the background and needed to prompt for |
| |
a password, it was not possible to suspend it at the password |
| |
prompt. This now works properly. |
| |
|
| |
* LDAP-based sudoers now uses a default search filter of |
| |
(objectClass=sudoRole) for more efficient queries. The netgroup |
| |
query has been modified to avoid falling below the minimum length |
| |
for OpenLDAP substring indices. |
| |
|
| |
* The new "use_netgroups" sudoers option can be used to explicitly |
| |
enable or disable netgroups support. For LDAP-based sudoers, |
| |
netgroup support requires an expensive substring match on the |
| |
server. If netgroups are not needed, this option can be disabled |
| |
to reduce the load on the LDAP server. |
| |
|
| |
* Sudo is once again able to open the sudoers file when the group |
| |
on sudoers doesn't match the expected value, so long as the file |
| |
is not group writable. |
| |
|
| |
* Sudo now installs an init.d script to clear the time stamp |
| |
directory at boot time on AIX and HP-UX systems. These systems |
| |
either lack /var/run or do not clear it on boot. |
| |
|
| |
* The JSON format used by "visudo -x" now properly supports the |
| |
negation operator. In addition, the Options object is now the |
| |
same for both Defaults and Cmnd_Specs. |
| |
|
| |
* Czech and Serbian translations for sudoers from translationproject.org. |
| |
|
| |
* Catalan translation for sudo from translationproject.org. |
| |
|
| |
What's new in Sudo 1.8.9p5? |
| |
|
| |
* Fixed a compilation error on AIX when LDAP support is enabled. |
| |
|
| |
* Fixed parsing of the "umask" defaults setting in sudoers. Bug #632. |
| |
|
| |
* Fixed a failed assertion when the "closefrom_override" defaults |
| |
setting is enabled in sudoers and sudo's -C flag is used. Bug #633. |
| |
|
| |
What's new in Sudo 1.8.9p4? |
| |
|
| |
* Fixed a bug where sudo could consume large amounts of CPU while |
| |
the command was running when I/O logging is not enabled. Bug #631 |
| |
|
| |
* Fixed a bug where sudo would exit with an error when the debug |
| |
level is set to util@debug or all@debug and I/O logging is not |
| |
enabled. The command would continue runnning after sudo exited. |
| |
|
| |
What's new in Sudo 1.8.9p3? |
| |
|
| |
* Fixed a bug introduced in sudo 1.8.9 that prevented the tty name |
| |
from being resolved properly on Linux systems. Bug #630. |
| |
|
| |
What's new in Sudo 1.8.9p2? |
| |
|
| |
* Updated config.guess, config.sub and libtool to support the ppc64le |
| |
architecture (IBM PowerPC Little Endian). |
| |
|
| |
What's new in Sudo 1.8.9p1? |
| |
|
| |
* Fixed a problem with gcc 4.8's handling of bit fields that could |
| |
lead to the noexec flag being enabled even when it was not |
| |
explicitly set. |
| |
|
| |
What's new in Sudo 1.8.9? |
| |
|
| |
* Reworked sudo's main event loop to use a simple event subsystem |
| |
using poll(2) or select(2) as the back end. |
| |
|
| |
* It is now possible to statically compile the sudoers plugin into |
| |
the sudo binary without disabling shared library support. The |
| |
sudo.conf file may still be used to configure other plugins. |
| |
|
| |
* Sudo can now be compiled again with a C preprocessor that does |
| |
not support variadic macros. |
| |
|
| |
* Visudo can now export a sudoers file in JSON format using the |
| |
new -x flag. |
| |
|
| |
* The locale is now set correctly again for visudo and sudoreplay. |
| |
|
| |
* The plugin API has been extended to allow the plugin to exclude |
| |
specific file descriptors from the "closefrom" range. |
| |
|
| |
* There is now a workaround for a Solaris-specific problem where |
| |
NOEXEC was overriding traditional root DAC behavior. |
| |
|
| |
* Add user netgroup filtering for SSSD. Previously, rules for |
| |
a netgroup were applied to all even when they did not belong |
| |
to the specified netgroup. |
| |
|
| |
* On systems with BSD login classes, if the user specified a group |
| |
(not a user) to run the command as, it was possible to specify |
| |
a different login class even when the command was not run as the |
| |
super user. |
| |
|
| |
* The closefrom() emulation on Mac OS X now uses /dev/fd if possible. |
| |
|
| |
* Fixed a bug where sudoedit would not update the original file |
| |
from the temporary when PAM or I/O logging is not enabled. |
| |
|
| |
* When recycling I/O logs, the log files are now truncated properly. |
| |
|
| |
* Fixes bugs #617, #621, #622, #623, #624, #625, #626 |
| |
|
| What's new in Sudo 1.8.8? |
What's new in Sudo 1.8.8? |
| |
|
| * Removed a warning on PAM systems with stacked auth modules |
* Removed a warning on PAM systems with stacked auth modules |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo