Annotation of embedaddon/sudo/NEWS, revision 1.1.1.2

1.1.1.2 ! misho       1: What's new in Sudo 1.8.5p1?
        !             2: 
        !             3:  * Fixed a bug that prevented files in an include directory from
        !             4:    being evaluated.
        !             5: 
        !             6: What's new in Sudo 1.8.5?
        !             7: 
        !             8:  * When "noexec" is enabled, sudo_noexec.so will now be prepended
        !             9:    to any existing LD_PRELOAD variable instead of replacing it.
        !            10: 
        !            11:  * The sudo_noexec.so shared library now wraps the execvpe(),
        !            12:    exect(), posix_spawn() and posix_spawnp() functions.
        !            13: 
        !            14:  * The user/group/mode checks on sudoers files have been relaxed.
        !            15:    As long as the file is owned by the sudoers uid, not world-writable
        !            16:    and not writable by a group other than the sudoers gid, the file
        !            17:    is considered OK.  Note that visudo will still set the mode to
        !            18:    the value specified at configure time.
        !            19: 
        !            20:  * It is now possible to specify the sudoers path, uid, gid and
        !            21:    file mode as options to the plugin in the sudo.conf file.
        !            22: 
        !            23:  * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
        !            24:    translations from translationproject.org.
        !            25: 
        !            26:  * /etc/environment is no longer read directly on Linux systems
        !            27:    when PAM is used.  Sudo now merges the PAM environment into the
        !            28:    user's environment which is typically set by the pam_env module.
        !            29: 
        !            30:  * The initial evironment created when env_reset is in effect now
        !            31:    includes the contents of /etc/environment on AIX systems and the
        !            32:    "setenv" and "path" entries from /etc/login.conf on BSD systems.
        !            33: 
        !            34:  * The plugin API has been extended in three ways.  First, options
        !            35:    specified in sudo.conf after the plugin pathname are passed to
        !            36:    the plugin's open function.  Second, sudo has limited support
        !            37:    for hooks that can be used by plugins.  Currently, the hooks are
        !            38:    limited to environment handling functions.  Third, the init_session
        !            39:    policy plugin function is passed a pointer to the user environment
        !            40:    which can be updated during session setup.  The plugin API version
        !            41:    has been incremented to version 1.2.  See the sudo_plugin manual
        !            42:    for more information.
        !            43: 
        !            44:  * The policy plugin's init_session function is now called by the
        !            45:    parent sudo process, not the child process that executes the
        !            46:    command.  This allows the PAM session to be open and closed in
        !            47:    the same process, which some PAM modules require.
        !            48: 
        !            49:  * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
        !            50:    which was broken in version 1.8.4.
        !            51: 
        !            52:  * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
        !            53:    file is now uses to determine the controlling terminal, if possible.
        !            54:    This allows tty-based tickets to work properly even when, e.g.
        !            55:    standard input, output and error are redirected to /dev/null.
        !            56: 
        !            57:  * The output of "sudoreplay -l" is now sorted by file name (or
        !            58:    sequence number).  Previously, entries were displayed in the
        !            59:    order in which they were found on the file system.
        !            60: 
        !            61:  * Sudo now behaves properly when I/O logging is enabled and the
        !            62:    controlling terminal is revoked (e.g. the running sshd is killed).
        !            63:    Previously, sudo may have exited without calling the I/O plugin's
        !            64:    close function which can lead to an incomplete I/O log.
        !            65: 
        !            66:  * Sudo can now detect when a user has logged out and back in again
        !            67:    on Solaris 11, just like it can on Solaris 10.
        !            68: 
        !            69:  * The built-in zlib included with Sudo has been upgraded to version
        !            70:    1.2.6.
        !            71: 
        !            72:  * Setting the SSL parameter to start_tls in ldap.conf now works
        !            73:    properly when using Mozilla-based SDKs that support the
        !            74:    ldap_start_tls_s() function.
        !            75: 
        !            76:  * The TLS_CHECKPEER parameter in ldap.conf now works when the
        !            77:    Mozilla NSS crypto backend is used with OpenLDAP.
        !            78: 
        !            79:  * A new group provider plugin, system_group, is included which
        !            80:    performs group look ups by name using the system groups database.
        !            81:    This can be used to restore the pre-1.7.3 sudo group lookup
        !            82:    behavior.
        !            83: 
        !            84: What's new in Sudo 1.8.4p5?
        !            85: 
        !            86:  * Fixed a bug when matching against an IP address with an associated
        !            87:    netmask in the sudoers file.  In certain circumstances, this
        !            88:    could allow users to run commands on hosts they are not authorized
        !            89:    for.
        !            90: 
        !            91: What's new in Sudo 1.8.4p4?
        !            92: 
        !            93:  * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
        !            94:    from working.
        !            95: 
        !            96: What's new in Sudo 1.8.4p3?
        !            97: 
        !            98:  * Fixed a crash on FreeBSD when no tty is present.
        !            99: 
        !           100:  * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
        !           101:    specify environment variables to set on the command line without
        !           102:    having sudo "ALL" permissions or the "SETENV" tag.
        !           103: 
        !           104:  * When visudo is run with the -c (check) option, the sudoers
        !           105:    file(s) owner and mode are now also checked unless the -f option
        !           106:    was specified.
        !           107: 
        !           108: What's new in Sudo 1.8.4p2?
        !           109: 
        !           110:  * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
        !           111:    was allocated for group IDs in the LDAP filter.
        !           112: 
        !           113:  * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
        !           114:    was "/sudo.conf" instead of "/etc/sudo.conf".
        !           115: 
        !           116:  * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
        !           117:    when I/O logging is enabled and input is from a pipe or file.
        !           118: 
        !           119: What's new in Sudo 1.8.4p1?
        !           120: 
        !           121:  * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
        !           122:    deleting from the env_keep, env_check and env_delete lists in
        !           123:    sudoers on some platforms.
        !           124: 
        !           125: What's new in Sudo 1.8.4?
        !           126: 
        !           127:  * The -D flag in sudo has been replaced with a more general debugging
        !           128:    framework that is configured in sudo.conf.
        !           129: 
        !           130:  * Fixed a false positive in visudo strict mode when aliases are
        !           131:    in use.
        !           132: 
        !           133:  * Fixed a crash with "sudo -i" when a runas group was specified
        !           134:    without a runas user.
        !           135: 
        !           136:  * The line on which a syntax error is reported in the sudoers file
        !           137:    is now more accurate.  Previously it was often off by a line.
        !           138: 
        !           139:  * Fixed a bug where stack garbage could be printed at the end of
        !           140:    the lecture when the "lecture_file" option was enabled.
        !           141: 
        !           142:  * "make install" now honors the LINGUAS environment variable.
        !           143: 
        !           144:  * The #include and #includedir directives in sudoers now support
        !           145:    relative paths.  If the path is not fully qualified it is expected
        !           146:    to be located in the same directory of the sudoers file that is
        !           147:    including it.
        !           148: 
        !           149:  * Serbian and Spanish translations for sudo from translationproject.org.
        !           150: 
        !           151:  * LDAP-based sudoers may now access by group ID in addition to
        !           152:    group name.
        !           153: 
        !           154:  * visudo will now fix the mode on the sudoers file even if no changes
        !           155:    are made unless the -f option is specified.
        !           156: 
        !           157:  * The "use_loginclass" sudoers option works properly again.
        !           158: 
        !           159:  * On systems that use login.conf, "sudo -i" now sets environment
        !           160:    variables based on login.conf.
        !           161: 
        !           162:  * For LDAP-based sudoers, values in the search expression are now
        !           163:    escaped as per RFC 4515.
        !           164: 
        !           165:  * The plugin close function is now properly called when a login
        !           166:    session is killed (as opposed to the actual command being killed).
        !           167:    This can happen when an ssh session is disconnected or the
        !           168:    terminal window is closed.
        !           169: 
        !           170:  * The deprecated "noexec_file" sudoers option is no longer supported.
        !           171: 
        !           172:  * Fixed a race condition when I/O logging is not enabled that could
        !           173:    result in tty-generated signals (e.g. control-C) being received
        !           174:    by the command twice.
        !           175: 
        !           176:  * If none of the standard input, output or error are connected to
        !           177:    a tty device, sudo will now check its parent's standard input,
        !           178:    output or error for the tty name on systems with /proc and BSD
        !           179:    systems that support the KERN_PROC_PID sysctl.  This allows
        !           180:    tty-based tickets to work properly even when, e.g. standard
        !           181:    input, output and error are redirected to /dev/null.
        !           182: 
        !           183:  * Added the --enable-kerb5-instance configure option to allow
        !           184:    people using Kerberos V authentication to specify a custom
        !           185:    instance so the principal name can be, e.g. "username/sudo"
        !           186:    similar to how ksu uses "username/root".
        !           187: 
        !           188:  * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
        !           189:    the results, which would be incorrectly be interpreted as if the
        !           190:    sudoers file had specified a directory.
        !           191: 
        !           192:  * "visudo -c" will now list any include files that were checked
        !           193:    in addition to the main sudoers file when everything parses OK.
        !           194: 
        !           195:  * Users that only have read-only access to the sudoers file may
        !           196:    now run "visudo -c".  Previously, write permissions were required
        !           197:    even though no writing is down in check-only mode.
        !           198: 
        !           199:  * It is now possible to prevent the disabling of core dumps from
        !           200:    within sudo itself by adding a line to the sudo.conf file like
        !           201:    "Set disable_coredump false".
        !           202: 
1.1       misho     203: What's new in Sudo 1.8.3p2?
                    204: 
                    205:  * Fixed a format string vulnerability when the sudo binary (or a
                    206:    symbolic link to the sudo binary) contains printf format escapes
                    207:    and the -D (debugging) flag is used.
                    208: 
                    209: What's new in Sudo 1.8.3p1?
                    210: 
                    211:  * Fixed a crash in the monitor process on Solaris when NOPASSWD
                    212:    was specified or when authentication was disabled.
                    213:  
                    214:  * Fixed matching of a Runas_Alias in the group section of a
                    215:    Runas_Spec.
                    216: 
                    217: What's new in Sudo 1.8.3?
                    218: 
                    219:  * Fixed expansion of strftime() escape sequences in the "log_dir"
                    220:    sudoers setting.
                    221: 
                    222:  * Esperanto, Italian and Japanese translations from translationproject.org.
                    223: 
                    224:  * Sudo will now use PAM by default on AIX 6 and higher.
                    225: 
                    226:  * Added --enable-werror configure option for gcc's -Werror flag.
                    227: 
                    228:  * Visudo no longer assumes all editors support the +linenumber
                    229:    command line argument.  It now uses a whitelist of editors known
                    230:    to support the option.
                    231: 
                    232:  * Fixed matching of network addresses when a netmask is specified
                    233:    but the address is not the first one in the CIDR block.
                    234: 
                    235:  * The configure script now check whether or not errno.h declares
                    236:    the errno variable.  Previously, sudo would always declare errno
                    237:    itself for older systems that don't declare it in errno.h.
                    238: 
                    239:  * The NOPASSWD tag is now honored for denied commands too, which
                    240:    matches historic sudo behavior (prior to sudo 1.7.0).
                    241: 
                    242:  * Sudo now honors the "DEREF" setting in ldap.conf which controls
                    243:    how alias dereferencing is done during an LDAP search.
                    244: 
                    245:  * A symbol conflict with the pam_ssh_agent_auth PAM module that
                    246:    would cause a crash been resolved.
                    247: 
                    248:  * The inability to load a group provider plugin is no longer
                    249:    a fatal error.
                    250: 
                    251:  * A potential crash in the utmp handling code has been fixed.
                    252: 
                    253:  * Two PAM session issues have been resolved.  In previous versions
                    254:    of sudo, the PAM session was opened as one user and closed as
                    255:    another.  Additionally, if no authentication was performed, the
                    256:    PAM session would never be closed.
                    257: 
                    258:  * Sudo will now work correctly with LDAP-based sudoers using TLS
                    259:    or SSL on Debian systems.
                    260: 
                    261:  * The LOGNAME, USER and USERNAME environment variables are preserved
                    262:    correctly again in sudoedit mode.
                    263: 
                    264: What's new in Sudo 1.8.2?
                    265: 
                    266:  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
                    267:    language support (NLS). This can be disabled by passing configure
                    268:    the --disable-nls option.  Sudo will use gettext(), if available,
                    269:    to display translated messages.  All translations are coordinated
                    270:    via The Translation Project, http://translationproject.org/.
                    271: 
                    272:  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
                    273:    RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
                    274:    on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
                    275: 
                    276:  * I/O logging is now supported for commands run in background mode
                    277:    (using sudo's -b flag).
                    278: 
                    279:  * Group ownership of the sudoers file is now only enforced when
                    280:    the file mode on sudoers allows group readability or writability.
                    281: 
                    282:  * Visudo now checks the contents of an alias and warns about cycles
                    283:    when the alias is expanded.
                    284: 
1.1.1.2 ! misho     285:  * If the user specifies a group via sudo's -g option that matches
1.1       misho     286:    the target user's group in the password database, it is now
                    287:    allowed even if no groups are present in the Runas_Spec.
                    288: 
                    289:  * The sudo Makefiles now have more complete dependencies which are
                    290:    automatically generated instead of being maintained manually.
                    291: 
                    292:  * The "use_pty" sudoers option is now correctly passed back to the
                    293:    sudo front end.  This was missing in previous versions of sudo
                    294:    1.8 which prevented "use_pty" from being honored.
                    295: 
                    296:  * "sudo -i command" now works correctly with the bash version
                    297:    2.0 and higher.  Previously, the .bash_profile would not be
                    298:    sourced prior to running the command unless bash was built with
                    299:    NON_INTERACTIVE_LOGIN_SHELLS defined.
                    300: 
                    301:  * When matching groups in the sudoers file, sudo will now match
                    302:    based on the name of the group instead of the group ID. This can
                    303:    substantially reduce the number of group lookups for sudoers
                    304:    files that contain a large number of groups.
                    305: 
                    306:  * Multi-factor authentication is now supported on AIX.
                    307: 
                    308:  * Added support for non-RFC 4517 compliant LDAP servers that require
                    309:    that seconds be present in a timestamp, such as Tivoli Directory Server.
                    310: 
                    311:  * If the group vector is to be preserved, the PATH search for the
                    312:    command is now done with the user's original group vector.
                    313: 
                    314:  * For LDAP-based sudoers, the "runas_default" sudoOption now works
                    315:    properly in a sudoRole that contains a sudoCommand.
                    316: 
                    317:  * Spaces in command line arguments for "sudo -s" and "sudo -i" are
                    318:    now escaped with a backslash when checking the security policy.
                    319: 
                    320: What's new in Sudo 1.8.1p2?
                    321: 
                    322:  * Two-character CIDR-style IPv4 netmasks are now matched correctly
                    323:    in the sudoers file.
                    324: 
                    325:  * A build error with MIT Kerberos V has been resolved.
                    326: 
                    327:  * A crash on HP-UX in the sudoers plugin when wildcards are
                    328:    present in the sudoers file has been resolved.
                    329: 
                    330:  * Sudo now works correctly on Tru64 Unix again.
                    331: 
                    332: What's new in Sudo 1.8.1p1?
                    333: 
                    334:  * Fixed a problem on AIX where sudo was unable to set the final
                    335:    uid if the PAM module modified the effective uid.
                    336: 
                    337:  * A non-existent includedir is now treated the same as an empty
                    338:    directory and not reported as an error.
                    339: 
                    340:  * Removed extraneous parens in LDAP filter when sudoers_search_filter
                    341:    is enabled that can cause an LDAP search error.
                    342: 
                    343:  * Fixed a "make -j" problem for "make install".
                    344: 
                    345: What's new in Sudo 1.8.1?
                    346: 
                    347:  * A new LDAP setting, sudoers_search_filter, has been added to
                    348:    ldap.conf.  This setting can be used to restrict the set of
                    349:    records returned by the LDAP query.  Based on changes from Matthew
                    350:    Thomas.
                    351: 
                    352:  * White space is now permitted within a User_List when used in
                    353:    conjunction with a per-user Defaults definition.
                    354: 
                    355:  * A group ID (%#gid) may now be specified in a User_List or Runas_List.
                    356:    Likewise, for non-Unix groups the syntax is %:#gid.
                    357: 
                    358:  * Support for double-quoted words in the sudoers file has been fixed.
                    359:    The change in 1.7.5 for escaping the double quote character
                    360:    caused the double quoting to only be available at the beginning
                    361:    of an entry.
                    362: 
                    363:  * The fix for resuming a suspended shell in 1.7.5 caused problems
                    364:    with resuming non-shells on Linux.  Sudo will now save the process
                    365:    group ID of the program it is running on suspend and restore it
                    366:    when resuming, which fixes both problems.
                    367: 
                    368:  * A bug that could result in corrupted output in "sudo -l" has been
                    369:    fixed.
                    370: 
                    371:  * Sudo will now create an entry in the utmp (or utmpx) file when
                    372:    allocating a pseudo-tty (e.g. when logging I/O).  The "set_utmp"
                    373:    and "utmp_runas" sudoers file options can be used to control this.
                    374:    Other policy plugins may use the "set_utmp" and "utmp_user"
                    375:    entries in the command_info list.
                    376: 
                    377:  * The sudoers policy now stores the TSID field in the logs
                    378:    even when the "iolog_file" sudoers option is defined to a value
                    379:    other than %{sessid}.  Previously, the TSID field was only
                    380:    included in the log file when the "iolog_file" option was set
                    381:    to its default value.
                    382: 
                    383:  * The sudoreplay utility now supports arbitrary session IDs.
                    384:    Previously, it would only work with the base-36 session IDs
                    385:    that the sudoers plugin uses by default.
                    386: 
                    387:  * Sudo now passes "run_shell=true" to the policy plugin in the
                    388:    settings list when sudo's -s command line option is specified.
                    389:    The sudoers policy plugin uses this to implement the "set_home"
                    390:    sudoers option which was missing from sudo 1.8.0.
                    391: 
                    392:  * The "noexec" functionality has been moved out of the sudoers
                    393:    policy plugin and into the sudo front-end, which matches the
                    394:    behavior documented in the plugin writer's guide.  As a result,
                    395:    the path to the noexec file is now specified in the sudo.conf
                    396:    file instead of the sudoers file.
                    397: 
                    398:  * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
                    399:    implement the "noexec" feature.  Previously, this was implemented
                    400:    via the LD_PRELOAD environment variable.
                    401: 
                    402:  * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
                    403:    have been fixed in the sudoers policy plugin.
                    404: 
                    405:  * The sudoers policy plugin now passes the login class, if any,
                    406:    back to the sudo front-end.
                    407: 
                    408:  * The sudoers policy plugin was not being linked with requisite
                    409:    libraries in certain configurations.
                    410: 
                    411:  * Sudo now parses command line arguments before loading any plugins.
                    412:    This allows "sudo -V" or "sudo -h" to work even if there is a problem
                    413:    with sudo.conf
                    414: 
                    415:  * Plugins are now linked with the static version of libgcc to allow
                    416:    the plugin to run on a system where no shared libgcc is installed,
                    417:    or where it is installed in a different location.
                    418: 
                    419: What's new in Sudo 1.8.0?
                    420: 
                    421:  * Sudo has been refactored to use a modular framework that can
                    422:    support third-party policy and I/O logging plugins.  The default
                    423:    plugin is "sudoers" which provides the traditional sudo functionality.
                    424:    See the sudo_plugin manual for details on the plugin API and the
                    425:    sample in the plugins directory for a simple example.
                    426: 
                    427: What's new in Sudo 1.7.5?
                    428: 
                    429:  * When using visudo in check mode, a file named "-" may be used to
                    430:    check sudoers data on the standard input.
                    431: 
                    432:  * Sudo now only fetches shadow password entries when using the
                    433:    password database directly for authentication.
                    434: 
                    435:  * Password and group entries are now cached using the same key
                    436:    that was used to look them up.  This fixes a problem when looking
                    437:    up entries by name if the name in the retrieved entry does not
                    438:    match the name used to look it up.  This may happen on some systems
                    439:    that do case insensitive lookups or that truncate long names.
                    440: 
                    441:  * GCC will no longer display warnings on glibc systems that use
                    442:    the warn_unused_result attribute for write(2) and other system calls.
                    443: 
                    444:  * If a PAM account management module denies access, sudo now prints
                    445:    a more useful error message and stops trying to validate the user.
                    446: 
                    447:  * Fixed a potential hang on idle systems when the sudo-run process
                    448:    exits immediately.
                    449: 
                    450:  * Sudo now includes a copy of zlib that will be used on systems
                    451:    that do not have zlib installed.
                    452: 
                    453:  * The --with-umask-override configure flag has been added to enable
                    454:    the "umask_override" sudoers Defaults option at build time.
                    455: 
                    456:  * Sudo now unblocks all signals on startup to avoid problems caused
                    457:    by the parent process changing the default signal mask.
                    458: 
                    459:  * LDAP Sudoers entries may now specify a time period for which
                    460:    the entry is valid.  This requires an updated sudoers schema
                    461:    that includes the sudoNotBefore and sudoNotAfter attributes.
                    462:    Support for timed entries must be explicitly enabled in the
                    463:    ldap.conf file.  Based on changes from Andreas Mueller.
                    464: 
                    465:  * LDAP Sudoers entries may now specify a sudoOrder attribute that
                    466:    determines the order in which matching entries are applied.  The
                    467:    last matching entry is used, just like file-based sudoers.  This
                    468:    requires an updated sudoers schema that includes the sudoOrder
                    469:    attribute.  Based on changes from Andreas Mueller.
                    470: 
                    471:  * When run as sudoedit, or when given the -e flag, sudo now treats
                    472:    command line arguments as pathnames.  This means that slashes
                    473:    in the sudoers file entry must explicitly match slashes in
                    474:    the command line arguments.  As a result, and entry such as:
                    475:        user ALL = sudoedit /etc/*
                    476:    will allow editing of /etc/motd but not /etc/security/default.
                    477: 
                    478:  * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
                    479:    compatibility with OpenLDAP configuration files.
                    480: 
                    481:  * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
                    482: 
                    483:  * The I/O log directory may now be specified in the sudoers file.
                    484: 
                    485:  * Sudo will no longer refuse to run if the sudoers file is writable
                    486:    by root.
                    487: 
                    488:  * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
                    489:    after validating the command so the sudoers entries do not need
                    490:    to include the backslashes.
                    491: 
                    492:  * Logging and email sending are now done in the locale specified
                    493:    by the "sudoers_locale" setting ("C" by default).  Email send by
                    494:    sudo now includes MIME headers when "sudoers_locale" is not "C".
                    495: 
                    496:  * The configure script has a new option, --disable-env-reset, to
                    497:    allow one to change the default for the sudoers Default setting
                    498:    "env_reset" at compile time.
                    499: 
                    500:  * When logging "sudo -l command", sudo will now prepend "list "
                    501:    to the command in the log line to distinguish between an
                    502:    actual command invocation in the logs.
                    503: 
                    504:  * Double-quoted group and user names may now include escaped double
                    505:    quotes as part of the name.  Previously this was a parse error.
                    506: 
                    507:  * Sudo once again restores the state of the signal handlers it
                    508:    modifies before executing the command.  This allows sudo to be
                    509:    used with the nohup command.
                    510: 
                    511:  * Resuming a suspended shell now works properly when I/O logging
                    512:    is not enabled (the I/O logging case was already correct).
                    513: 
                    514: What's new in Sudo 1.7.4p6?
                    515: 
                    516:  * A bug has been fixed in the I/O logging support that could cause
                    517:    visual artifacts in full-screen programs such as text editors.
                    518: 
                    519: What's new in Sudo 1.7.4p5?
                    520: 
                    521:  * A bug has been fixed that would allow a command to be run without the
                    522:    user entering a password when sudo's -g flag is used without the -u flag.
                    523: 
                    524:  * If user has no supplementary groups, sudo will now fall back on checking
                    525:    the group file explicitly, which restores historic sudo behavior.
                    526: 
                    527:  * A crash has been fixed when sudo's -g flag is used without the -u flag
                    528:    and the sudoers file contains an entry with no runas user or group listed.
                    529: 
                    530:  * A crash has been fixed when the Solaris project support is enabled
                    531:    and sudo's -g flag is used without the -u flag.
                    532: 
                    533:  * Sudo no longer exits with an error when support for auditing is
                    534:    compiled in but auditing is not enabled.
                    535: 
                    536:  * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
                    537:    being honored when the "targetpw" sudoers Defaults option was enabled.
                    538: 
                    539:  * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
                    540: 
                    541:  * A crash has been fixed in "sudo -l" when sudo is built with auditing
                    542:    support and the user is not allowed to run any commands on the host.
                    543: 
                    544: What's new in Sudo 1.7.4p4?
                    545: 
                    546:  * A potential security issue has been fixed with respect to the handling
                    547:    of sudo's -g command line option when -u is also specified.  The flaw
                    548:    may allow an attacker to run commands as a user that is not authorized
                    549:    by the sudoers file.
                    550: 
                    551:  * A bug has been fixed where "sudo -l" output was incomplete if multiple
                    552:    sudoers sources were defined in nsswitch.conf and there was an error
                    553:    querying one of the sources.
                    554: 
                    555:  * The log_input, log_output, and use_pty sudoers options now work correctly
                    556:    on AIX.  Previously, sudo would hang if they were enabled.
                    557: 
                    558:  * The "make install" target now works correctly when sudo is built in a
                    559:    directory other than the source directory.
                    560: 
                    561:  * The "runas_default" sudoers setting now works properly in a per-command
                    562:    Defaults line.
                    563: 
                    564:  * Suspending and resuming the bash shell when PAM is in use now works
                    565:    correctly.  The SIGCONT signal was not propagated to the child process.
                    566: 
                    567: What's new in Sudo 1.7.4p3?
                    568: 
                    569:  * A bug has been fixed where duplicate HOME environment variables could be
                    570:    present when the env_reset setting was disabled and the always_set_home
                    571:    setting was enabled in sudoers.
                    572: 
                    573:  * The value of sysconfdir is now substituted into the path to the sudoers.d
                    574:    directory in the installed sudoers file.
                    575: 
                    576:  * Compilation problems on IRIX and other platforms have been fixed.
                    577: 
                    578:  * If multiple PAM "auth" actions are specified and the user enters ^C at
                    579:    the password prompt, sudo will no longer prompt for a password for any
                    580:    subsequent "auth" actions.  Previously it was necessary to enter ^C for
                    581:    each "auth" action.
                    582: 
                    583: What's new in Sudo 1.7.4p2?
                    584: 
                    585:  * A bug where sudo could spin in a busy loop waiting for the child process
                    586:    has been fixed.
                    587: 
                    588: What's new in Sudo 1.7.4p1?
                    589: 
                    590:  * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
                    591:    functioning when the tty_tickets sudoers option is enabled has been fixed.
                    592: 
                    593:  * Sudo no longer prints a warning when the -k or -K options are specified
                    594:    and the ticket file does not exist.
                    595: 
                    596:  * It is now easier to cross-compile sudo.
                    597: 
                    598: What's new in Sudo 1.7.4?
                    599: 
                    600:  * Sudoedit will now preserve the file extension in the name of the
                    601:    temporary file being edited.  The extension is used by some
                    602:    editors (such as emacs) to choose the editing mode.
                    603: 
                    604:  * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
                    605:    /var/lib/sudo or /var/adm/sudo.  The directories are checked for
                    606:    existence in that order.  This prevents users from receiving the
                    607:    sudo lecture every time the system reboots.  Time stamp files older
                    608:    than the boot time are ignored on systems where it is possible to
                    609:    determine this.
                    610: 
                    611:  * The tty_tickets sudoers option is now enabled by default.
                    612: 
                    613:  * Ancillary documentation (README files, LICENSE, etc) is now installed
                    614:    in a sudo documentation directory.
                    615: 
                    616:  * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
                    617:    in ldap.conf.
                    618: 
                    619:  * Defaults settings that are tied to a user, host or command may
                    620:    now include the negation operator.  For example:
                    621:        Defaults:!millert lecture
                    622:    will match any user but millert.
                    623: 
                    624:  * The default PATH environment variable, used when no PATH variable
                    625:     exists, now includes /usr/sbin and /sbin.
                    626: 
                    627:  * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
                    628:    for cross-platform packing.
                    629: 
                    630:  * On Linux, sudo will now restore the nproc resource limit before
                    631:    executing a command, unless the limit appears to have been modified
                    632:    by pam_limits.  This avoids a problem with bash scripts that open
                    633:    more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
                    634:    will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
                    635: 
                    636:  * The HOME and MAIL environment variables are now reset based on the
                    637:    target user's password database entry when the env_reset sudoers option
                    638:    is enabled (which is the case in the default configuration).  Users
                    639:    wishing to preserve the original values should use a sudoers entry like:
                    640:        Defaults env_keep += HOME
                    641:    to preserve the old value of HOME and
                    642:        Defaults env_keep += MAIL
                    643:    to preserve the old value of MAIL.
                    644: 
                    645:  * Fixed a problem in the restoration of the AIX authdb registry setting.
                    646: 
                    647:  * Sudo will now fork(2) and wait until the command has completed before
                    648:    calling pam_close_session().
                    649: 
                    650:  * The default syslog facility is now "authpriv" if the operating system
                    651:    supports it, else "auth".
                    652: 
                    653: What's new in Sudo 1.7.3?
                    654: 
                    655:  * Support for logging I/O for the command being run.
                    656:    For more information, see the documentation for the "log_input"
                    657:    and "log_output" Defaults options in the sudoers manual.  Also
                    658:    see the sudoreplay manual for how to replay I/O log sessions.
                    659: 
                    660:  * The use_pty sudoers option can be used to force a command to be
                    661:    run in a pseudo-pty, even when I/O logging is not enabled.
                    662: 
                    663:  * On some systems, sudo can now detect when a user has logged out
                    664:    and back in again when tty-based time stamps are in use.  Supported
                    665:    systems include Solaris systems with the devices file system,
                    666:    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
                    667:    only).
                    668: 
                    669:  * On AIX systems, the registry setting in /etc/security/user is
                    670:    now taken into account when looking up users and groups.  Sudo
                    671:    now applies the correct the user and group ids when running a
                    672:    command as a user whose account details come from a different
                    673:    source (e.g. LDAP or DCE vs.  local files).
                    674: 
                    675:  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
                    676:    When multiple entries are listed, sudo will try each one in the
                    677:    order in which they are specified.
                    678: 
                    679:  * Sudo's SELinux support should now function correctly when running
                    680:    commands as a non-root user and when one of stdin, stdout or stderr
                    681:    is not a terminal.
                    682: 
                    683:  * Sudo will now use the Linux audit system with configure with
                    684:    the --with-linux-audit flag.
                    685: 
                    686:  * Sudo now uses mbr_check_membership() on systems that support it
                    687:    to determine group membership.  Currently, only Darwin (Mac OS X)
                    688:    supports this.
                    689: 
                    690:  * When the tty_tickets sudoers option is enabled but there is no
                    691:    terminal device, sudo will no longer use or create a tty-based
                    692:    ticket file.  Previously, sudo would use a tty name of "unknown".
                    693:    As a consequence, if a user has no terminal device, sudo will
                    694:    now always prompt for a password.
                    695: 
                    696:  * The passwd_timeout and timestamp_timeout options may now be
                    697:    specified as floating point numbers for more granular timeout
                    698:    values.
                    699: 
                    700:  * Negating the fqdn option in sudoers now works correctly when sudo
                    701:    is configured with the --with-fqdn option.  In previous versions
                    702:    of sudo the fqdn was set before sudoers was parsed.
                    703: 
                    704: What's new in Sudo 1.7.2?
                    705: 
                    706:  * A new #includedir directive is available in sudoers.  This can be
                    707:    used to implement an /etc/sudo.d directory.  Files in an includedir
                    708:    are not edited by visudo unless they contain a syntax error.
                    709: 
                    710:  * The -g option did not work properly when only setting the group
                    711:    (and not the user).  Also, in -l mode the wrong user was displayed
                    712:    for sudoers entries where only the group was allowed to be set.
                    713: 
                    714:  * Fixed a problem with the alias checking in visudo which
                    715:    could prevent visudo from exiting.
                    716: 
                    717:  * Sudo will now correctly parse the shell-style /etc/environment
                    718:    file format used by pam_env on Linux.
                    719: 
                    720:  * When doing password and group database lookups, sudo will only
                    721:    cache an entry by name or by id, depending on how the entry was
                    722:    looked up.  Previously, sudo would cache by both name and id
                    723:    from a single lookup, but this breaks sites that have multiple
                    724:    password or group database names that map to the same uid or
                    725:    gid.
                    726: 
                    727:  * User and group names in sudoers may now be enclosed in double
                    728:    quotes to avoid having to escape special characters.
                    729: 
                    730:  * BSM audit fixes when changing to a non-root uid.
                    731: 
                    732:  * Experimental non-Unix group support.  Currently only works with
                    733:    Quest Authorization Services and allows Active Directory groups
                    734:    fixes for Minix-3.
                    735: 
                    736:  * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
                    737:    paths may be specified as a directory or a file.  However, version
                    738:    5.0 of the SDK only appears to support using a directory (despite
                    739:    documentation to the contrary).  If SSL client initialization
                    740:    fails and the certificate or key paths look like they could be
                    741:    default file name, strip off the last path element and try again.
                    742: 
                    743:  * A setenv() compatibility fix for Linux systems, where a NULL
                    744:    value is treated the same as an empty string and the variable
                    745:    name is checked against the NULL pointer.
                    746: 
                    747: What's new in Sudo 1.7.1?
                    748: 
                    749:  * A new Defaults option "pwfeedback" will cause sudo to provide visual
                    750:    feedback when the user is entering a password.
                    751: 
                    752:  * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
                    753:    function for file name globbing instead of glob().  When this option
                    754:    is enabled, sudo will not check the file system when expanding wildcards.
                    755:    This is faster but a side effect is that relative paths with wildcard
                    756:    will no longer work.
                    757: 
                    758:  * New BSM audit support for systems that support it such as FreeBSD
                    759:    and Mac OS X.
                    760: 
                    761:  * The file name specified with the #include directive may now include
                    762:    a %h escape which is expanded to the short form of hostname.
                    763: 
                    764:  * The -k flag may now be specified along with a command, causing the
                    765:    user's timestamp file to be ignored.
                    766: 
                    767:  * New support for Tivoli-based LDAP START_TLS, present in AIX.
                    768: 
                    769:  * New support for /etc/netsvc.conf on AIX.
                    770: 
                    771:  * The unused alias checks in visudo now handle the case of an alias
                    772:    referring to another alias.
                    773: 
                    774: What's new in Sudo 1.7.0?
                    775: 
                    776:  * Rewritten parser that converts sudoers into a set of data structures.
                    777:    This eliminates a number of ordering issues and makes it possible to
                    778:    apply sudoers Defaults entries before searching for the command.
                    779:    It also adds support for per-command Defaults specifications.
                    780: 
                    781:  * Sudoers now supports a #include facility to allow the inclusion of other
                    782:    sudoers-format files.
                    783: 
                    784:  * Sudo's -l (list) flag has been enhanced:
                    785:     o applicable Defaults options are now listed
                    786:     o a command argument can be specified for testing whether a user
                    787:       may run a specific command.
                    788:     o a new -U flag can be used in conjunction with "sudo -l" to allow
                    789:       root (or a user with "sudo ALL") list another user's privileges.
                    790: 
                    791:  * A new -g flag has been added to allow the user to specify a
                    792:    primary group to run the command as.  The sudoers syntax has been
                    793:    extended to include a group section in the Runas specification.
                    794: 
                    795:  * A uid may now be used anywhere a username is valid.
                    796: 
                    797:  * The "secure_path" run-time Defaults option has been restored.
                    798: 
                    799:  * Password and group data is now cached for fast lookups.
                    800: 
                    801:  * The file descriptor at which sudo starts closing all open files is now
                    802:    configurable via sudoers and, optionally, the command line.
                    803: 
                    804:  * Visudo will now warn about aliases that are defined but not used.
                    805: 
                    806:  * The -i and -s command line flags now take an optional command
                    807:    to be run via the shell.  Previously, the argument was passed
                    808:    to the shell as a script to run.
                    809: 
                    810:  * Improved LDAP support.  SASL authentication may now be used in
                    811:    conjunction when connecting to an LDAP server.  The krb5_ccname
                    812:    parameter in ldap.conf may be used to enable Kerberos.
                    813: 
                    814:  * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
                    815:    to specify the sudoers order.  E.g.:
                    816:        sudoers: ldap files
                    817:    to check LDAP, then /etc/sudoers.  The default is "files", even
                    818:    when LDAP support is compiled in.  This differs from sudo 1.6
                    819:    where LDAP was always consulted first.
                    820: 
                    821:  * Support for /etc/environment on AIX and Linux.  If sudo is run
                    822:    with the -i flag, the contents of /etc/environment are used to
                    823:    populate the new environment that is passed to the command being
                    824:    run.
                    825: 
                    826:  * If no terminal is available or if the new -A flag is specified,
                    827:    sudo will use a helper program to read the password if one is
                    828:    configured.  Typically, this is a graphical password prompter
                    829:    such as ssh-askpass.
                    830: 
                    831:  * A new Defaults option, "mailfrom" that sets the value of the
                    832:    "From:" field in the warning/error mail.  If unspecified, the
                    833:    login name of the invoking user is used.
                    834: 
                    835:  * A new Defaults option, "env_file" that refers to a file containing
                    836:    environment variables to be set in the command being run.
                    837: 
                    838:  * A new flag, -n, may be used to indicate that sudo should not
                    839:    prompt the user for a password and, instead, exit with an error
                    840:    if authentication is required.
                    841: 
                    842:  * If sudo needs to prompt for a password and it is unable to disable
                    843:    echo (and no askpass program is defined), it will refuse to run
                    844:    unless the "visiblepw" Defaults option has been specified.
                    845: 
                    846:  * Prior to version 1.7.0, hitting enter/return at the Password: prompt
                    847:    would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
                    848:    an empty password.  To exit sudo, the user must press ^C or ^D
                    849:    at the prompt.
                    850: 
                    851:  * visudo will now check the sudoers file owner and mode in -c (check)
                    852:    mode when the -s (strict) flag is specified.
                    853: 
                    854:  * A new Defaults option "umask_override" will cause sudo to set the
                    855:    umask specified in sudoers even if it is more permissive than the
                    856:    invoking user's umask.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>