Annotation of embedaddon/sudo/NEWS, revision 1.1.1.5

1.1.1.5 ! misho       1: What's new in Sudo 1.8.8?
        !             2: 
        !             3:  * Removed a warning on PAM systems with stacked auth modules
        !             4:    where the first module on the stack does not succeed.
        !             5: 
        !             6:  * Sudo, sudoreplay and visudo now support GNU-style long options.
        !             7: 
        !             8:  * The -h (--host) option may now be used to specify a host name.
        !             9:    This is currently only used by the sudoers plugin in conjunction
        !            10:    with the -l (--list) option.
        !            11: 
        !            12:  * Program usage messages and manual SYNOPSIS sections have been
        !            13:    simplified.
        !            14: 
        !            15:  * Sudo's LDAP SASL support now works properly with Kerberos.
        !            16:    Previously, the SASL library was unable to locate the user's
        !            17:    credential cache.
        !            18: 
        !            19:  * It is now possible to set the nproc resource limit to unlimited
        !            20:    via pam_limits on Linux (bug #565).
        !            21: 
        !            22:  * New "pam_service" and "pam_login_service" sudoers options
        !            23:    that can be used to specify the PAM service name to use.
        !            24: 
        !            25:  * New "pam_session" and "pam_setcred" sudoers options that
        !            26:    can be used to disable PAM session and credential support.
        !            27: 
        !            28:  * The sudoers plugin now properly supports UIDs and GIDs
        !            29:    that are larger than 0x7fffffff on 32-bit platforms.
        !            30: 
        !            31:  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
        !            32:    Defaults entries would cause an internal error.
        !            33: 
        !            34:  * If the "tty_tickets" sudoers option is enabled (the default),
        !            35:    but there is no tty present, sudo will now use a ticket file
        !            36:    based on the parent process ID.  This makes it possible to support
        !            37:    the normal timeout behavior for the session.
        !            38: 
        !            39:  * Fixed a problem running commands that change their process
        !            40:    group and then attempt to change the terminal settings when not
        !            41:    running the command in a pseudo-terminal.  Previously, the process
        !            42:    would receive SIGTTOU since it was effectively a background
        !            43:    process.  Sudo will now grant the child the controlling tty and
        !            44:    continue it when this happens.
        !            45: 
        !            46:  * The "closefrom_override" sudoers option may now be used in
        !            47:    a command-specified Defaults entry (bug #610).
        !            48: 
        !            49:  * Sudo's BSM audit support now works on Solaris 11.
        !            50: 
        !            51:  * Brazilian Portuguese translation for sudo and sudoers from
        !            52:    translationproject.org.
        !            53: 
        !            54:  * Czech translation for sudo from translationproject.org.
        !            55: 
        !            56:  * French translation for sudo from translationproject.org.
        !            57: 
        !            58:  * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
        !            59:    symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
        !            60:    which causes issues with some programs.
        !            61: 
        !            62:  * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
        !            63: 
        !            64:  * Root may no longer change its SELinux role without entering
        !            65:    a password.
        !            66: 
        !            67:  * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
        !            68:    to the I/O log timing file are two greater than they should be.
        !            69:    Sudoreplay now contains a work-around to parse those files.
        !            70: 
        !            71:  * In sudoreplay's list mode, the "this" qualifier in "fromdate"
        !            72:    or "todate" expressions now behaves more sensibly.  Previously,
        !            73:    it would often match a date that was "one more" than expected.
        !            74:    For example, "this week" now matches the current week instead
        !            75:    of the following week.
        !            76: 
1.1.1.4   misho      77: What's new in Sudo 1.8.7?
                     78: 
                     79:  * The non-Unix group plugin is now supported when sudoers data
                     80:    is stored in LDAP.
                     81: 
                     82:  * Sudo now uses a workaround for a locale bug on Solaris 11.0
                     83:    that prevents setuid programs like sudo from fully using locales.
                     84: 
                     85:  * User messages are now always displayed in the user's locale,
                     86:    even when the same message is being logged or mailed in a
                     87:    different locale.
                     88: 
                     89:  * Log files created by sudo now explicitly have the group set
                     90:    to group ID 0 rather than relying on BSD group semantics (which
                     91:    may not be the default).
                     92: 
                     93:  * A new "exec_background" sudoers option can be used to initially
                     94:    run the command without read access to the terminal when running
                     95:    a command in a pseudo-tty.  If the command tries to read from
                     96:    the terminal it will be stopped by the kernel (via SIGTTIN or
1.1.1.5 ! misho      97:    SIGTTOU) and sudo will immediately restart it as the foreground
1.1.1.4   misho      98:    process (if possible).  This allows sudo to only pass terminal
                     99:    input to the program if the program actually is expecting it.
                    100:    Unfortunately, a few poorly-behaved programs (like "su" on most
                    101:    Linux systems) do not handle SIGTTIN and SIGTTOU properly.
                    102: 
                    103:  * Sudo now uses an efficient group query to get all the groups
                    104:    for a user instead of iterating over every record in the group
                    105:    database on HP-UX and Solaris.
                    106: 
                    107:  * Sudo now produces better error messages when there is an error
                    108:    in the sudo.conf file.
                    109: 
                    110:  * Two new settings have been added to sudo.conf to give the admin
                    111:    better control of how group database queries are performed.  The
                    112:    "group_source" specifies how the group list for a user will be
                    113:    determined.  Legal values are "static" (use the kernel groups
                    114:    list), "dynamic" (perform a group database query) and "adaptive"
                    115:    (only perform a group database query if the kernel list is full).
1.1.1.5 ! misho     116:    The "max_groups" setting specifies the maximum number of groups
        !           117:    a user may belong to when performing a group database query.
1.1.1.4   misho     118: 
                    119:  * The sudo.conf file now supports line continuation by using a
                    120:    backslash as the last character on the line.
                    121: 
                    122:  * There is now a standalone sudo.conf manual page.
                    123: 
1.1.1.5 ! misho     124:  * Sudo now stores its libexec files in a "sudo" sub-directory instead
1.1.1.4   misho     125:    of in libexec itself. For backwards compatibility, if the plugin
                    126:    is not found in the default plugin directory, sudo will check
                    127:    the parent directory if the default directory ends in "/sudo".
                    128: 
                    129:  * The sudoers I/O logging plugin now logs the terminal size.
                    130: 
                    131:  * A new sudoers option "maxseq" can be used to limit the number of
                    132:    I/O log entries that are stored.
                    133: 
                    134:  * The "system_group" and "group_file" sudoers group provider plugins
                    135:    are now installed by default.
                    136: 
                    137:  * The list output (sudo -l) from the sudoers plugin is now
                    138:    less ambiguous when an entry includes different runas users.
                    139:    The long list output (sudo -ll) for file-based sudoers is now
                    140:    more consistent with the format of LDAP-based sudoers.
                    141: 
                    142:  * A uid may now be used in the sudoRunAsUser attributes for LDAP
                    143:    sudoers.
                    144: 
                    145:  * Minor plugin API change: the close and version functions are now
                    146:    optional.  If the policy plugin does not provide a close function
                    147:    and the command is not being run in a new pseudo-tty, sudo may
                    148:    now execute the command directly instead of in a child process.
                    149: 
                    150:  * A new sudoers option "pam_session" can be used to disable sudo's
                    151:    PAM session support.
                    152: 
                    153:  * On HP-UX systems, sudo will now use the pstat() function to
                    154:    determine the tty instead of ttyname().
                    155: 
                    156:  * Turkish translation for sudo and sudoers from translationproject.org.
                    157: 
                    158:  * Dutch translation for sudo and sudoers from translationproject.org.
                    159: 
                    160:  * Tivoli Directory Server client libraries may now be used with
                    161:    HP-UX where libibmldap has a hidden dependency on libCsup.
                    162: 
                    163:  * The sudoers plugin will now ignore invalid domain names when
                    164:    checking netgroup membership.  Most Linux systems use the string
                    165:    "(none)" for the NIS-style domain name instead of an empty string.
                    166: 
                    167:  * New support for specifying a SHA-2 digest along with the command
                    168:    in sudoers.  Supported hash types are sha224, sha256, sha384 and
                    169:    sha512.  See the description of Digest_Spec in the sudoers manual
                    170:    or the description of sudoCommand in the sudoers.ldap manual for
                    171:    details.
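The Digest_Spec feature above pins a sudoers command to the hash of the binary, so a replaced or modified file no longer matches the rule. The following is an added example, not sudo's own code: it emits a sudoers Cmnd with a Digest_Spec for any of the four supported hash types and checks a file against such a spec the way an auditor might. The sudoers line layout ("user host = (runas) type:hexdigest command") follows the sudoers manual's grammar; the user name, host, command path and file contents are constructed for illustration.

```python
"""Emit and verify sudoers Digest_Spec entries (sha224/sha256/sha384/sha512).

Added example, not part of sudo.  Assumes the sudoers syntax
"user host = (runas) <type>:<hex> command" from the sudoers manual.
"""
import hashlib
import hmac
import os
import tempfile

# The four digest types sudoers accepts in a Digest_Spec.
SUPPORTED_DIGESTS = ("sha224", "sha256", "sha384", "sha512")


def digest_spec(hash_type: str, data: bytes) -> str:
    """Return "<type>:<hex>" for the given command contents."""
    if hash_type not in SUPPORTED_DIGESTS:
        raise ValueError("unsupported digest type: %s" % hash_type)
    return "%s:%s" % (hash_type, hashlib.new(hash_type, data).hexdigest())


def digest_spec_for_file(hash_type: str, path: str) -> str:
    """Same as digest_spec(), but hashes the file at `path`."""
    with open(path, "rb") as f:
        return digest_spec(hash_type, f.read())


def sudoers_entry(user: str, host: str, runas: str,
                  hash_type: str, path: str, data: bytes) -> str:
    """Build a sudoers line that only permits `path` while it hashes to `data`'s digest."""
    return "%s %s = (%s) %s %s" % (user, host, runas,
                                   digest_spec(hash_type, data), path)


def matches(spec: str, data: bytes) -> bool:
    """True if `data` hashes to the digest recorded in a "<type>:<hex>" spec."""
    hash_type, sep, expected = spec.partition(":")
    if sep != ":" or hash_type not in SUPPORTED_DIGESTS:
        return False
    actual = hashlib.new(hash_type, data).hexdigest()
    # Constant-time comparison; the spec's hex is accepted in either case.
    return hmac.compare_digest(actual, expected.lower())


if __name__ == "__main__":
    # Constructed stand-in for a privileged helper script (hypothetical path).
    script = b"#!/bin/sh\nexec /usr/bin/tar -czf /srv/backup.tgz /etc\n"
    fd, tmp_path = tempfile.mkstemp(suffix=".sh")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(script)
        for hash_type in SUPPORTED_DIGESTS:
            print(sudoers_entry("alice", "ALL", "root", hash_type,
                                "/usr/local/sbin/backup.sh", script))
        spec = digest_spec_for_file("sha256", tmp_path)
        print("unmodified binary matches:", matches(spec, script))
        # One byte changed: the rule no longer applies and sudo would refuse.
        print("tampered binary matches:  ", matches(spec, script + b"#\n"))
    finally:
        os.unlink(tmp_path)
```

The check is the defender's side of the feature: re-hashing the installed binaries against the digests recorded in sudoers is a cheap integrity audit, and a mismatch is worth an alert rather than a silent "command not allowed".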
                    172: 
                    173:  * The paths to ldap.conf and ldap.secret may now be specified as
                    174:    arguments to the sudoers plugin in the sudo.conf file.
                    175: 
                    176:  * Fixed potential false positives in visudo's alias cycle detection.
                    177: 
                    178:  * Fixed a problem where the time stamp file was being treated
                    179:    as out of date on Linux systems where the change time on the
                    180:    pseudo-tty device node can change after it is allocated.
                    181: 
                    182:  * Sudo now only builds Position Independent Executables (PIE)
                    183:    by default on Linux systems and verifies that a trivial test
                    184:    program builds and runs.
                    185: 
                    186:  * On Solaris 11.1 and higher, sudo binaries will now have the
                    187:    ASLR tag enabled if supported by the linker.
                    188: 
                    189: What's new in Sudo 1.8.6p8?
                    190: 
                    191:  * Terminal detection now works properly on 64-bit AIX kernels.
                    192:    This was broken by the removal of the ttyname() fallback in Sudo
                    193:    1.8.6p6.  Sudo is now able to map an AIX 64-bit device number
                    194:    to the corresponding device file in /dev.
                    195: 
                    196:  * Sudo now checks for crypt() returning NULL when performing
                    197:    passwd-based authentication.
                    198: 
                    199: What's new in Sudo 1.8.6p7?
                    200: 
                    201:  * A time stamp file with the date set to the epoch by "sudo -k"
                    202:    is now completely ignored regardless of what the local clock is
                    203:    set to.  Previously, if the local clock was set to a value between
                    204:    the epoch and the time stamp timeout value, a time stamp reset
                    205:    by "sudo -k" would be considered current.
                    206: 
                    207:  * The tty-specific time stamp file now includes the session ID
                    208:    of the sudo process that created it.  If a process with the same
                    209:    tty but a different session ID runs sudo, the user will now be
                    210:    prompted for a password (assuming authentication is required for
                    211:    the command).
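The two 1.8.6p7 entries above describe the same ticket check from two angles: an epoch-dated time stamp must never count as current even on a badly set clock, and a ticket is only valid for the tty and session that created it. The following added example (not sudo's own code) models both rules next to the pre-fix age check so the clock edge case is visible; times are integer seconds since the epoch, and the tty names and session IDs are constructed.

```python
"""Model of sudo's time stamp (ticket) validity checks.

Added example, not sudo's own code.  `sudo -k` is modelled as setting the
ticket's mtime to the epoch (0); all times are integer seconds since the epoch.
"""
from dataclasses import dataclass

EPOCH = 0


@dataclass(frozen=True)
class Ticket:
    tty: str          # terminal the ticket was created on
    session_id: int   # session ID of the sudo process that wrote it
    mtime: int        # file modification time, seconds since the epoch


def stamp_is_current_old(mtime: int, now: int, timeout: int) -> bool:
    """Pre-1.8.6p7 behaviour: an age check only.

    If the local clock is set to a value between the epoch and `timeout`,
    a ticket that `sudo -k` reset to the epoch still looks fresh.
    """
    return now - mtime < timeout


def stamp_is_current(mtime: int, now: int, timeout: int) -> bool:
    """1.8.6p7 behaviour: an epoch-dated ticket is ignored outright,
    regardless of what the clock says; otherwise apply the age check."""
    if mtime == EPOCH:
        return False
    return now - mtime < timeout


def ticket_is_valid(ticket: Ticket, tty: str, session_id: int,
                    now: int, timeout: int) -> bool:
    """Full check: same tty, same session ID, and a current time stamp.

    A different session on the same tty gets no credit for the ticket
    and will be prompted for a password.
    """
    if ticket.tty != tty or ticket.session_id != session_id:
        return False
    return stamp_is_current(ticket.mtime, now, timeout)


if __name__ == "__main__":
    timeout = 5 * 60                      # sudoers timestamp_timeout, in seconds
    reset = Ticket("pts/3", 4242, EPOCH)  # ticket after `sudo -k`
    skewed_clock = 120                    # clock wrongly set to 00:02 on 1 Jan 1970
    print("old check on reset ticket, skewed clock:",
          stamp_is_current_old(reset.mtime, skewed_clock, timeout))  # True: the bug
    print("new check on reset ticket, skewed clock:",
          stamp_is_current(reset.mtime, skewed_clock, timeout))      # False
    live = Ticket("pts/3", 4242, 1_000_000)
    print("same tty, same session:  ", ticket_is_valid(live, "pts/3", 4242, 1_000_100, timeout))
    print("same tty, other session: ", ticket_is_valid(live, "pts/3", 9999, 1_000_100, timeout))
    print("expired:                 ", ticket_is_valid(live, "pts/3", 4242, 1_000_400, timeout))
```

The session-ID rule is what stops a second login that happens to land on a recycled tty name from inheriting a still-warm ticket; the epoch rule keeps `sudo -k` meaningful even when the system clock is wrong.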
                    212: 
                    213: What's new in Sudo 1.8.6p6?
                    214: 
                    215:  * On systems where the controlling tty can be determined via /proc
                    216:    or sysctl(), sudo will no longer fall back to using ttyname()
                    217:    if the process has no controlling tty.  This prevents sudo from
                    218:    using a non-controlling tty for logging and time stamp purposes.
                    219: 
                    220: What's new in Sudo 1.8.6p5?
                    221: 
                    222:  * Fixed a potential crash in visudo's alias cycle detection.
                    223: 
                    224:  * Improved performance on Solaris when retrieving the group list
                    225:    for the target user.  On systems with a large number of groups
                    226:    where the group database is not local (NIS, LDAP, AD), fetching
                    227:    the group list could take a minute or more.
                    228: 
                    229: What's new in Sudo 1.8.6p4?
                    230: 
                    231:  * The -fstack-protector flag is now used when linking visudo, sudoreplay
                    232:    and testsudoers.
                    233: 
                    234:  * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
                    235:    properly.
                    236: 
                    237:  * Fixed a crash in visudo strict mode when an unknown Defaults
                    238:    setting is encountered.
                    239: 
                    240:  * Do not inform the user that the command was not permitted by the
                    241:    policy if they do not successfully authenticate. This is a
                    242:    regression introduced in sudo 1.8.6.
                    243: 
                    244:  * Allow sudo to be built with sss support without also including
                    245:    ldap support.
                    246: 
                    247:  * Fix running commands that need the terminal in the background
                    248:    when I/O logging is enabled. E.g. "sudo vi &". When the command
                    249:    is foregrounded, it will now resume properly.
                    250: 
1.1.1.3   misho     251: What's new in Sudo 1.8.6p3?
                    252: 
                    253:  * Fixed post-processing of the man pages on systems with legacy
                    254:    versions of sed.
                    255: 
                    256:  * Fixed "sudoreplay -l" on Linux systems with file systems that
                    257:    set DT_UNKNOWN in the d_type field of struct dirent.
                    258: 
                    259: What's new in Sudo 1.8.6p2?
                    260: 
                    261:  * Fixed suspending a command after it has already been resumed
                    262:    once when I/O logging (or use_pty) is not enabled.
                    263:    This was a regression introduced in version 1.8.6.
                    264: 
                    265: What's new in Sudo 1.8.6p1?
                    266: 
                    267:  * Fixed the setting of LOGNAME, USER and USERNAME variables in the
                    268:    command's environment when env_reset is enabled (the default).
                    269:    This was a regression introduced in version 1.8.6.
                    270: 
                    271:  * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
                    272: 
                    273: What's new in Sudo 1.8.6?
                    274: 
                    275:  * Sudo is now built with the -fstack-protector flag if the
                    276:    compiler supports it.  Also, the -zrelro linker flag is used if
                    277:    supported.  The --disable-hardening configure option can be used
                    278:    to build sudo without stack smashing protection.
                    279: 
                    280:  * Sudo is now built as a Position Independent Executable (PIE)
                    281:    if supported by the compiler and linker.
                    282: 
                    283:  * If the user is a member of the "exempt" group in sudoers, they
                    284:    will no longer be prompted for a password even if the -k flag
                    285:    is specified with the command.  This makes "sudo -k command"
                    286:    consistent with the behavior one would get if the user ran "sudo
                    287:    -k" immediately before running the command.
                    288: 
                    289:  * The sudoers file may now be a symbolic link.  Previously, sudo
                    290:    would refuse to read sudoers unless it was a regular file.
                    291: 
                    292:  * The sudoreplay command can now properly replay sessions where
                    293:    no tty was present.
                    294: 
                    295:  * The sudoers plugin now takes advantage of symbol visibility
                    296:    controls when supported by the compiler or linker.  As a result,
                    297:    only a small number of symbols are exported which significantly
                    298:    reduces the chances of a conflict with other shared objects.
                    299: 
                    300:  * Improved support for the Tivoli Directory Server LDAP client
                    301:    libraries.  This includes support for using LDAP over SSL (ldaps)
                    302:    as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
                    303:    ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
                    304:    used to specify a password to decrypt the key database.
                    305: 
1.1.1.4   misho     306:  * When constructing a time filter for use with LDAP sudoNotBefore
1.1.1.3   misho     307:    and sudoNotAfter attributes, the current time now includes tenths
                    308:    of a second.  This fixes a problem with timed entries on Active
                    309:    Directory.
                    310: 
                    311:  * If a user fails to authenticate and the command would be rejected
                    312:    by sudoers, it is now logged with "command not allowed" instead
                    313:    of "N incorrect password attempts".  Likewise, the "mail_no_perms"
                    314:    sudoers option now takes precedence over "mail_badpass".
                    315: 
                    316:  * The sudo manuals are now formatted using the mdoc macros.  Versions
                    317:    using the legacy man macros are provided for systems that lack mdoc.
                    318: 
                    319:  * New support for Solaris privilege sets.  This makes it possible
                    320:    to specify fine-grained privileges in the sudoers file on Solaris
                    321:    10 and above.  A Runas_Spec that contains no Runas_Lists can be
                    322:    used to give a user the ability to run a command as themselves
                    323:    but with an expanded privilege set.
                    324: 
                    325:  * Fixed a problem with the reboot and shutdown commands on some
                    326:    systems (such as HP-UX and BSD).  On these systems, reboot sends
                    327:    all processes (except itself) SIGTERM.  When sudo received
                    328:    SIGTERM, it would relay it to the reboot process, thus killing
                    329:    reboot before it had a chance to actually reboot the system.
                    330: 
                    331:  * Support for using the System Security Services Daemon (SSSD) as
                    332:    a source of sudoers data.
                    333: 
                    334:  * Slovenian translation for sudo and sudoers from translationproject.org.
                    335: 
                    336:  * Visudo will now warn about unknown Defaults entries that are
                    337:    per-host, per-user, per-runas or per-command.
                    338: 
                    339:  * Fixed a race condition that could cause sudo to receive SIGTTOU
                    340:    (and stop) when resuming a shell that was run via sudo when I/O
                    341:    logging (and use_pty) is not enabled.
                    342: 
                    343:  * Sending SIGTSTP directly to the sudo process will now suspend the
                    344:    running command when I/O logging (and use_pty) is not enabled.
                    345: 
                    346: What's new in Sudo 1.8.5p3?
                    347: 
                    348:  * Fixed the loading of I/O plugins that conform to a plugin API
                    349:    version older than 1.2.
                    350: 
                    351: What's new in Sudo 1.8.5p2?
                    352: 
                    353:  * Fixed use of the SUDO_ASKPASS environment variable which was
                    354:    broken in Sudo 1.8.5.
                    355: 
                    356:  * Fixed a problem reading the sudoers file when the file mode is
                    357:    more restrictive than the expected mode.  For example, when the
                    358:    expected sudoers file mode is 0440 but the actual mode is 0400.
                    359: 
1.1.1.2   misho     360: What's new in Sudo 1.8.5p1?
                    361: 
                    362:  * Fixed a bug that prevented files in an include directory from
                    363:    being evaluated.
                    364: 
                    365: What's new in Sudo 1.8.5?
                    366: 
                    367:  * When "noexec" is enabled, sudo_noexec.so will now be prepended
                    368:    to any existing LD_PRELOAD variable instead of replacing it.
                    369: 
                    370:  * The sudo_noexec.so shared library now wraps the execvpe(),
                    371:    exect(), posix_spawn() and posix_spawnp() functions.
                    372: 
                    373:  * The user/group/mode checks on sudoers files have been relaxed.
                    374:    As long as the file is owned by the sudoers uid, not world-writable
                    375:    and not writable by a group other than the sudoers gid, the file
                    376:    is considered OK.  Note that visudo will still set the mode to
                    377:    the value specified at configure time.
                    378: 
                    379:  * It is now possible to specify the sudoers path, uid, gid and
                    380:    file mode as options to the plugin in the sudo.conf file.
                    381: 
                    382:  * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
                    383:    translations from translationproject.org.
                    384: 
                    385:  * /etc/environment is no longer read directly on Linux systems
                    386:    when PAM is used.  Sudo now merges the PAM environment into the
                    387:    user's environment which is typically set by the pam_env module.
                    388: 
                    389:  * The initial environment created when env_reset is in effect now
                    390:    includes the contents of /etc/environment on AIX systems and the
                    391:    "setenv" and "path" entries from /etc/login.conf on BSD systems.
                    392: 
                    393:  * The plugin API has been extended in three ways.  First, options
                    394:    specified in sudo.conf after the plugin pathname are passed to
                    395:    the plugin's open function.  Second, sudo has limited support
                    396:    for hooks that can be used by plugins.  Currently, the hooks are
                    397:    limited to environment handling functions.  Third, the init_session
                    398:    policy plugin function is passed a pointer to the user environment
                    399:    which can be updated during session setup.  The plugin API version
                    400:    has been incremented to version 1.2.  See the sudo_plugin manual
                    401:    for more information.
                    402: 
                    403:  * The policy plugin's init_session function is now called by the
                    404:    parent sudo process, not the child process that executes the
                    405:    command.  This allows the PAM session to be open and closed in
                    406:    the same process, which some PAM modules require.
                    407: 
                    408:  * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
                    409:    which was broken in version 1.8.4.
                    410: 
                    411:  * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
                    412:    file is now used to determine the controlling terminal, if possible.
                    413:    This allows tty-based tickets to work properly even when, e.g.
                    414:    standard input, output and error are redirected to /dev/null.
                    415: 
                    416:  * The output of "sudoreplay -l" is now sorted by file name (or
                    417:    sequence number).  Previously, entries were displayed in the
                    418:    order in which they were found on the file system.
                    419: 
                    420:  * Sudo now behaves properly when I/O logging is enabled and the
                    421:    controlling terminal is revoked (e.g. the running sshd is killed).
                    422:    Previously, sudo may have exited without calling the I/O plugin's
                    423:    close function which can lead to an incomplete I/O log.
                    424: 
                    425:  * Sudo can now detect when a user has logged out and back in again
                    426:    on Solaris 11, just like it can on Solaris 10.
                    427: 
                    428:  * The built-in zlib included with Sudo has been upgraded to version
                    429:    1.2.6.
                    430: 
                    431:  * Setting the SSL parameter to start_tls in ldap.conf now works
                    432:    properly when using Mozilla-based SDKs that support the
                    433:    ldap_start_tls_s() function.
                    434: 
                    435:  * The TLS_CHECKPEER parameter in ldap.conf now works when the
                    436:    Mozilla NSS crypto backend is used with OpenLDAP.
                    437: 
                    438:  * A new group provider plugin, system_group, is included which
                    439:    performs group look ups by name using the system groups database.
                    440:    This can be used to restore the pre-1.7.3 sudo group lookup
                    441:    behavior.
                    442: 
                    443: What's new in Sudo 1.8.4p5?
                    444: 
                    445:  * Fixed a bug when matching against an IP address with an associated
                    446:    netmask in the sudoers file.  In certain circumstances, this
                    447:    could allow users to run commands on hosts they are not authorized
                    448:    for.
                    449: 
                    450: What's new in Sudo 1.8.4p4?
                    451: 
                    452:  * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
                    453:    from working.
                    454: 
                    455: What's new in Sudo 1.8.4p3?
                    456: 
                    457:  * Fixed a crash on FreeBSD when no tty is present.
                    458: 
                    459:  * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
                    460:    specify environment variables to set on the command line without
                    461:    having sudo "ALL" permissions or the "SETENV" tag.
                    462: 
                    463:  * When visudo is run with the -c (check) option, the sudoers
                    464:    file(s) owner and mode are now also checked unless the -f option
                    465:    was specified.
                    466: 
                    467: What's new in Sudo 1.8.4p2?
                    468: 
                    469:  * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
                    470:    was allocated for group IDs in the LDAP filter.
                    471: 
                    472:  * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
                    473:    was "/sudo.conf" instead of "/etc/sudo.conf".
                    474: 
                    475:  * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
                    476:    when I/O logging is enabled and input is from a pipe or file.
                    477: 
                    478: What's new in Sudo 1.8.4p1?
                    479: 
                    480:  * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
                    481:    deleting from the env_keep, env_check and env_delete lists in
                    482:    sudoers on some platforms.
                    483: 
                    484: What's new in Sudo 1.8.4?
                    485: 
                    486:  * The -D flag in sudo has been replaced with a more general debugging
                    487:    framework that is configured in sudo.conf.
                    488: 
                    489:  * Fixed a false positive in visudo strict mode when aliases are
                    490:    in use.
                    491: 
                    492:  * Fixed a crash with "sudo -i" when a runas group was specified
                    493:    without a runas user.
                    494: 
                    495:  * The line on which a syntax error is reported in the sudoers file
                    496:    is now more accurate.  Previously it was often off by a line.
                    497: 
                    498:  * Fixed a bug where stack garbage could be printed at the end of
                    499:    the lecture when the "lecture_file" option was enabled.
                    500: 
                    501:  * "make install" now honors the LINGUAS environment variable.
                    502: 
                    503:  * The #include and #includedir directives in sudoers now support
                    504:    relative paths.  If the path is not fully qualified it is expected
                    505:    to be located in the same directory as the sudoers file that is
                    506:    including it.
                    507: 
                    508:  * Serbian and Spanish translations for sudo from translationproject.org.
                    509: 
                    510:  * LDAP-based sudoers entries may now match users by group ID in
                    511:    addition to group name.
                    512: 
                    513:  * visudo will now fix the mode on the sudoers file even if no changes
                    514:    are made unless the -f option is specified.
                    515: 
                    516:  * The "use_loginclass" sudoers option works properly again.
                    517: 
                    518:  * On systems that use login.conf, "sudo -i" now sets environment
                    519:    variables based on login.conf.
                    520: 
                    521:  * For LDAP-based sudoers, values in the search expression are now
                    522:    escaped as per RFC 4515.
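
   As an added illustration of the RFC 4515 escaping mentioned above
   (this is example code written for this page, not sudo's own ldap.c):
   the four filter metacharacters '*', '(', ')' and '\' are replaced by a
   backslash and two hex digits before the value is placed in a search
   expression, so a user name or group name taken from the request cannot
   change the structure of the filter.  The "(sudoUser=...)" shape of the
   filter is a constructed example; only the sudoUser attribute name comes
   from the sudoers LDAP schema.

```c
#include <stdio.h>
#include <string.h>

/*
 * Escape one attribute value for use inside an LDAP search filter, as
 * RFC 4515 section 3 requires: '*', '(', ')' and '\' become a backslash
 * followed by the byte's two hex digits (NUL would too, but cannot occur
 * in a C string).  Returns the number of bytes written, not counting the
 * terminating NUL, or -1 if `out` is too small.  The worst case is three
 * output bytes per input byte.
 */
static int
ldap_escape_value(const char *in, char *out, size_t outlen)
{
    size_t n = 0;
    const unsigned char *p;

    if (outlen == 0)
        return -1;
    for (p = (const unsigned char *)in; *p != '\0'; p++) {
        if (*p == '*' || *p == '(' || *p == ')' || *p == '\\') {
            if (n + 3 >= outlen)
                return -1;
            snprintf(out + n, 4, "\\%02x", (unsigned)*p);
            n += 3;
        } else {
            if (n + 1 >= outlen)
                return -1;
            out[n++] = (char)*p;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/*
 * Build a "(sudoUser=...)" filter from a user name.  sudoUser is the
 * attribute name from the sudoers LDAP schema; the filter shape itself is
 * a constructed illustration, not sudo's actual query.  Returns 0 on
 * success, -1 if the result would not fit in `buf`.
 */
static int
build_user_filter(const char *user, char *buf, size_t buflen)
{
    char esc[256];
    int len;

    if (ldap_escape_value(user, esc, sizeof esc) < 0)
        return -1;
    len = snprintf(buf, buflen, "(sudoUser=%s)", esc);
    return (len < 0 || (size_t)len >= buflen) ? -1 : 0;
}

/* Escape `in` into a local buffer and compare the result with `want`. */
static int
escapes_to(const char *in, const char *want)
{
    char buf[256];

    if (ldap_escape_value(in, buf, sizeof buf) < 0)
        return 0;
    return strcmp(buf, want) == 0;
}

/* True if escaping `in` into a buffer of `outlen` bytes is refused. */
static int
escape_overflows(const char *in, size_t outlen)
{
    char buf[256];

    if (outlen > sizeof buf)
        outlen = sizeof buf;
    return ldap_escape_value(in, buf, outlen) < 0;
}

/* Build the filter for `user` and compare it with `want`. */
static int
user_filter_equals(const char *user, const char *want)
{
    char buf[512];

    if (build_user_filter(user, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, want) == 0;
}

int
main(void)
{
    /* Constructed sample: a user name carrying filter metacharacters. */
    const char *hostile = "*)(sudoUser=*";
    char filter[512];

    if (build_user_filter(hostile, filter, sizeof filter) == 0)
        printf("%s\n", filter);   /* prints (sudoUser=\2a\29\28sudoUser=\2a) */
    return 0;
}
```

   Note that the escaping is applied to the value only; the attribute
   name and the parentheses that form the filter come from the code, never
   from the request, which is what keeps the structure of the query fixed.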
                    523: 
                    524:  * The plugin close function is now properly called when a login
                    525:    session is killed (as opposed to the actual command being killed).
                    526:    This can happen when an ssh session is disconnected or the
                    527:    terminal window is closed.
                    528: 
                    529:  * The deprecated "noexec_file" sudoers option is no longer supported.
                    530: 
                    531:  * Fixed a race condition when I/O logging is not enabled that could
                    532:    result in tty-generated signals (e.g. control-C) being received
                    533:    by the command twice.
                    534: 
                    535:  * If none of the standard input, output or error are connected to
                    536:    a tty device, sudo will now check its parent's standard input,
                    537:    output or error for the tty name on systems with /proc and BSD
                    538:    systems that support the KERN_PROC_PID sysctl.  This allows
                    539:    tty-based tickets to work properly even when, e.g. standard
                    540:    input, output and error are redirected to /dev/null.
                    541: 
                    542:  * Added the --enable-kerb5-instance configure option to allow
                    543:    people using Kerberos V authentication to specify a custom
                    544:    instance so the principal name can be, e.g. "username/sudo"
                    545:    similar to how ksu uses "username/root".
                    546: 
                    547:  * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
                    548:    the results, which would incorrectly be interpreted as if the
                    549:    sudoers file had specified a directory.
                    550: 
                    551:  * "visudo -c" will now list any include files that were checked
                    552:    in addition to the main sudoers file when everything parses OK.
                    553: 
                    554:  * Users that only have read-only access to the sudoers file may
                    555:    now run "visudo -c".  Previously, write permissions were required
                    556:    even though no writing is done in check-only mode.
                    557: 
                    558:  * It is now possible to prevent the disabling of core dumps from
                    559:    within sudo itself by adding a line to the sudo.conf file like
                    560:    "Set disable_coredump false".
                    561: 
1.1       misho     562: What's new in Sudo 1.8.3p2?
                    563: 
                    564:  * Fixed a format string vulnerability when the sudo binary (or a
                    565:    symbolic link to the sudo binary) contains printf format escapes
                    566:    and the -D (debugging) flag is used.
                    567: 
                    568: What's new in Sudo 1.8.3p1?
                    569: 
                    570:  * Fixed a crash in the monitor process on Solaris when NOPASSWD
                    571:    was specified or when authentication was disabled.
1.1.1.4   misho     572: 
1.1       misho     573:  * Fixed matching of a Runas_Alias in the group section of a
                    574:    Runas_Spec.
                    575: 
                    576: What's new in Sudo 1.8.3?
                    577: 
                    578:  * Fixed expansion of strftime() escape sequences in the "log_dir"
                    579:    sudoers setting.
                    580: 
                    581:  * Esperanto, Italian and Japanese translations from translationproject.org.
                    582: 
                    583:  * Sudo will now use PAM by default on AIX 6 and higher.
                    584: 
                    585:  * Added --enable-werror configure option for gcc's -Werror flag.
                    586: 
                    587:  * Visudo no longer assumes all editors support the +linenumber
                    588:    command line argument.  It now uses a whitelist of editors known
                    589:    to support the option.
                    590: 
                    591:  * Fixed matching of network addresses when a netmask is specified
                    592:    but the address is not the first one in the CIDR block.
                    593: 
                    594:  * The configure script now checks whether or not errno.h declares
                    595:    the errno variable.  Previously, sudo would always declare errno
                    596:    itself for older systems that don't declare it in errno.h.
                    597: 
                    598:  * The NOPASSWD tag is now honored for denied commands too, which
                    599:    matches historic sudo behavior (prior to sudo 1.7.0).
                    600: 
                    601:  * Sudo now honors the "DEREF" setting in ldap.conf which controls
                    602:    how alias dereferencing is done during an LDAP search.
                    603: 
                    604:  * A symbol conflict with the pam_ssh_agent_auth PAM module that
                    605:    would cause a crash has been resolved.
                    606: 
                    607:  * The inability to load a group provider plugin is no longer
                    608:    a fatal error.
                    609: 
                    610:  * A potential crash in the utmp handling code has been fixed.
                    611: 
                    612:  * Two PAM session issues have been resolved.  In previous versions
                    613:    of sudo, the PAM session was opened as one user and closed as
                    614:    another.  Additionally, if no authentication was performed, the
                    615:    PAM session would never be closed.
                    616: 
                    617:  * Sudo will now work correctly with LDAP-based sudoers using TLS
                    618:    or SSL on Debian systems.
                    619: 
                    620:  * The LOGNAME, USER and USERNAME environment variables are preserved
                    621:    correctly again in sudoedit mode.
                    622: 
                    623: What's new in Sudo 1.8.2?
                    624: 
                    625:  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
                    626:    language support (NLS). This can be disabled by passing configure
                    627:    the --disable-nls option.  Sudo will use gettext(), if available,
                    628:    to display translated messages.  All translations are coordinated
                    629:    via The Translation Project, http://translationproject.org/.
                    630: 
                    631:  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
                    632:    RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
                    633:    on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
                    634: 
                    635:  * I/O logging is now supported for commands run in background mode
                    636:    (using sudo's -b flag).
                    637: 
                    638:  * Group ownership of the sudoers file is now only enforced when
                    639:    the file mode on sudoers allows group readability or writability.
                    640: 
                    641:  * Visudo now checks the contents of an alias and warns about cycles
                    642:    when the alias is expanded.
                    643: 
1.1.1.2   misho     644:  * If the user specifies a group via sudo's -g option that matches
1.1       misho     645:    the target user's group in the password database, it is now
                    646:    allowed even if no groups are present in the Runas_Spec.
                    647: 
                    648:  * The sudo Makefiles now have more complete dependencies which are
                    649:    automatically generated instead of being maintained manually.
                    650: 
                    651:  * The "use_pty" sudoers option is now correctly passed back to the
                    652:    sudo front end.  This was missing in previous versions of sudo
                    653:    1.8 which prevented "use_pty" from being honored.
                    654: 
                    655:  * "sudo -i command" now works correctly with the bash version
                    656:    2.0 and higher.  Previously, the .bash_profile would not be
                    657:    sourced prior to running the command unless bash was built with
                    658:    NON_INTERACTIVE_LOGIN_SHELLS defined.
                    659: 
                    660:  * When matching groups in the sudoers file, sudo will now match
                    661:    based on the name of the group instead of the group ID. This can
                    662:    substantially reduce the number of group lookups for sudoers
                    663:    files that contain a large number of groups.
                    664: 
                    665:  * Multi-factor authentication is now supported on AIX.
                    666: 
                    667:  * Added support for non-RFC 4517 compliant LDAP servers that require
                    668:    that seconds be present in a timestamp, such as Tivoli Directory Server.
                    669: 
                    670:  * If the group vector is to be preserved, the PATH search for the
                    671:    command is now done with the user's original group vector.
                    672: 
                    673:  * For LDAP-based sudoers, the "runas_default" sudoOption now works
                    674:    properly in a sudoRole that contains a sudoCommand.
                    675: 
                    676:  * Spaces in command line arguments for "sudo -s" and "sudo -i" are
                    677:    now escaped with a backslash when checking the security policy.
                    678: 
                    679: What's new in Sudo 1.8.1p2?
                    680: 
                    681:  * Two-character CIDR-style IPv4 netmasks are now matched correctly
                    682:    in the sudoers file.
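
   The two netmask fixes above (this one, and the 1.8.3 entry about
   addresses that are not the first in their CIDR block) both come down to
   how a sudoers network specification is parsed and compared.  The
   following is example code written for this page, not sudo's own
   matching code: it accepts "addr", "addr/bits" and "addr/dotted-mask",
   reads the prefix length with strtol so one- and two-digit values are
   handled alike, and masks both the client address and the specification
   before comparing, so "10.1.2.3/24" matches the whole 10.1.2.0/24 block
   rather than only the single address written in the entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse dotted-quad IPv4 text into a host-order 32-bit value.
 * Returns 1 on success, 0 if the text is not a valid address. */
static int
parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;

    /* The trailing %c must NOT match: anything after the quad is an error. */
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* Parse "addr", "addr/bits" or "addr/dotted-mask" into a network address
 * and mask.  Returns 1 on success, 0 if the specification is malformed. */
static int
parse_netspec(const char *spec, uint32_t *net, uint32_t *mask)
{
    char buf[64];
    char *slash, *end;
    long bits;

    if (strlen(spec) >= sizeof buf)
        return 0;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash != NULL)
        *slash++ = '\0';
    if (!parse_ipv4(buf, net))
        return 0;
    if (slash == NULL) {
        *mask = 0xffffffffU;                 /* a single host */
    } else if (strchr(slash, '.') != NULL) {
        if (!parse_ipv4(slash, mask))        /* dotted netmask */
            return 0;
    } else {
        bits = strtol(slash, &end, 10);      /* CIDR prefix length, 0..32 */
        if (*slash == '\0' || *end != '\0' || bits < 0 || bits > 32)
            return 0;
        *mask = bits == 0 ? 0 : 0xffffffffU << (32 - bits);
    }
    return 1;
}

/* Returns 1 if addr lies inside spec, 0 if not or if either is malformed.
 * Masking BOTH sides is the point: comparing the raw specification
 * address against the masked client address only works when the entry
 * happens to name the first address of the block. */
static int
addr_matches(const char *addr, const char *spec)
{
    uint32_t a, net, mask;

    if (!parse_ipv4(addr, &a) || !parse_netspec(spec, &net, &mask))
        return 0;
    return (a & mask) == (net & mask);
}

int
main(void)
{
    /* Constructed sample: an entry whose address is not the first of its block. */
    const char *spec = "10.1.2.3/24";

    printf("10.1.2.200 in %s: %d\n", spec, addr_matches("10.1.2.200", spec));
    printf("10.1.3.1 in %s: %d\n", spec, addr_matches("10.1.3.1", spec));
    return 0;
}
```

   Malformed specifications (a prefix length outside 0..32, trailing junk,
   an empty mask) are treated as no match rather than as a permissive
   "matches everything", which is the safer failure mode for a policy
   check.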
                    683: 
                    684:  * A build error with MIT Kerberos V has been resolved.
                    685: 
                    686:  * A crash on HP-UX in the sudoers plugin when wildcards are
                    687:    present in the sudoers file has been resolved.
                    688: 
                    689:  * Sudo now works correctly on Tru64 Unix again.
                    690: 
                    691: What's new in Sudo 1.8.1p1?
                    692: 
                    693:  * Fixed a problem on AIX where sudo was unable to set the final
                    694:    uid if the PAM module modified the effective uid.
                    695: 
                    696:  * A non-existent includedir is now treated the same as an empty
                    697:    directory and not reported as an error.
                    698: 
                    699:  * Removed extraneous parens in LDAP filter when sudoers_search_filter
                    700:    is enabled that can cause an LDAP search error.
                    701: 
                    702:  * Fixed a "make -j" problem for "make install".
                    703: 
                    704: What's new in Sudo 1.8.1?
                    705: 
                    706:  * A new LDAP setting, sudoers_search_filter, has been added to
                    707:    ldap.conf.  This setting can be used to restrict the set of
                    708:    records returned by the LDAP query.  Based on changes from Matthew
                    709:    Thomas.
                    710: 
                    711:  * White space is now permitted within a User_List when used in
                    712:    conjunction with a per-user Defaults definition.
                    713: 
                    714:  * A group ID (%#gid) may now be specified in a User_List or Runas_List.
                    715:    Likewise, for non-Unix groups the syntax is %:#gid.
                    716: 
                    717:  * Support for double-quoted words in the sudoers file has been fixed.
                    718:    The change in 1.7.5 for escaping the double quote character
                    719:    caused the double quoting to only be available at the beginning
                    720:    of an entry.
                    721: 
                    722:  * The fix for resuming a suspended shell in 1.7.5 caused problems
                    723:    with resuming non-shells on Linux.  Sudo will now save the process
                    724:    group ID of the program it is running on suspend and restore it
                    725:    when resuming, which fixes both problems.
                    726: 
                    727:  * A bug that could result in corrupted output in "sudo -l" has been
                    728:    fixed.
                    729: 
                    730:  * Sudo will now create an entry in the utmp (or utmpx) file when
                    731:    allocating a pseudo-tty (e.g. when logging I/O).  The "set_utmp"
                    732:    and "utmp_runas" sudoers file options can be used to control this.
                    733:    Other policy plugins may use the "set_utmp" and "utmp_user"
                    734:    entries in the command_info list.
                    735: 
                    736:  * The sudoers policy now stores the TSID field in the logs
                    737:    even when the "iolog_file" sudoers option is defined to a value
                    738:    other than %{sessid}.  Previously, the TSID field was only
                    739:    included in the log file when the "iolog_file" option was set
                    740:    to its default value.
                    741: 
                    742:  * The sudoreplay utility now supports arbitrary session IDs.
                    743:    Previously, it would only work with the base-36 session IDs
                    744:    that the sudoers plugin uses by default.
                    745: 
                    746:  * Sudo now passes "run_shell=true" to the policy plugin in the
                    747:    settings list when sudo's -s command line option is specified.
                    748:    The sudoers policy plugin uses this to implement the "set_home"
                    749:    sudoers option which was missing from sudo 1.8.0.
                    750: 
                    751:  * The "noexec" functionality has been moved out of the sudoers
                    752:    policy plugin and into the sudo front-end, which matches the
                    753:    behavior documented in the plugin writer's guide.  As a result,
                    754:    the path to the noexec file is now specified in the sudo.conf
                    755:    file instead of the sudoers file.
                    756: 
                    757:  * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
                    758:    implement the "noexec" feature.  Previously, this was implemented
                    759:    via the LD_PRELOAD environment variable.
                    760: 
                    761:  * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
                    762:    have been fixed in the sudoers policy plugin.
                    763: 
                    764:  * The sudoers policy plugin now passes the login class, if any,
                    765:    back to the sudo front-end.
                    766: 
                    767:  * The sudoers policy plugin was not being linked with requisite
                    768:    libraries in certain configurations.
                    769: 
                    770:  * Sudo now parses command line arguments before loading any plugins.
                    771:    This allows "sudo -V" or "sudo -h" to work even if there is a problem
                    772:    with sudo.conf.
                    773: 
                    774:  * Plugins are now linked with the static version of libgcc to allow
                    775:    the plugin to run on a system where no shared libgcc is installed,
                    776:    or where it is installed in a different location.
                    777: 
                    778: What's new in Sudo 1.8.0?
                    779: 
                    780:  * Sudo has been refactored to use a modular framework that can
                    781:    support third-party policy and I/O logging plugins.  The default
                    782:    plugin is "sudoers" which provides the traditional sudo functionality.
                    783:    See the sudo_plugin manual for details on the plugin API and the
                    784:    sample in the plugins directory for a simple example.
                    785: 
                    786: What's new in Sudo 1.7.5?
                    787: 
                    788:  * When using visudo in check mode, a file named "-" may be used to
                    789:    check sudoers data on the standard input.
                    790: 
                    791:  * Sudo now only fetches shadow password entries when using the
                    792:    password database directly for authentication.
                    793: 
                    794:  * Password and group entries are now cached using the same key
                    795:    that was used to look them up.  This fixes a problem when looking
                    796:    up entries by name if the name in the retrieved entry does not
                    797:    match the name used to look it up.  This may happen on some systems
                    798:    that do case insensitive lookups or that truncate long names.
                    799: 
                    800:  * GCC will no longer display warnings on glibc systems that use
                    801:    the warn_unused_result attribute for write(2) and other system calls.
                    802: 
                    803:  * If a PAM account management module denies access, sudo now prints
                    804:    a more useful error message and stops trying to validate the user.
                    805: 
                    806:  * Fixed a potential hang on idle systems when the sudo-run process
                    807:    exits immediately.
                    808: 
                    809:  * Sudo now includes a copy of zlib that will be used on systems
                    810:    that do not have zlib installed.
                    811: 
                    812:  * The --with-umask-override configure flag has been added to enable
                    813:    the "umask_override" sudoers Defaults option at build time.
                    814: 
                    815:  * Sudo now unblocks all signals on startup to avoid problems caused
                    816:    by the parent process changing the default signal mask.
                    817: 
                    818:  * LDAP Sudoers entries may now specify a time period for which
                    819:    the entry is valid.  This requires an updated sudoers schema
                    820:    that includes the sudoNotBefore and sudoNotAfter attributes.
                    821:    Support for timed entries must be explicitly enabled in the
                    822:    ldap.conf file.  Based on changes from Andreas Mueller.
                    823: 
                    824:  * LDAP Sudoers entries may now specify a sudoOrder attribute that
                    825:    determines the order in which matching entries are applied.  The
                    826:    last matching entry is used, just like file-based sudoers.  This
                    827:    requires an updated sudoers schema that includes the sudoOrder
                    828:    attribute.  Based on changes from Andreas Mueller.
                    829: 
                    830:  * When run as sudoedit, or when given the -e flag, sudo now treats
                    831:    command line arguments as pathnames.  This means that slashes
                    832:    in the sudoers file entry must explicitly match slashes in
                    833:    the command line arguments.  As a result, an entry such as:
                    834:        user ALL = sudoedit /etc/*
                    835:    will allow editing of /etc/motd but not /etc/security/default.
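
   The difference comes from fnmatch(3)'s FNM_PATHNAME flag, under which
   a '*' in the pattern does not match a '/'.  The following is example
   code written for this page (not sudo's own matching code) showing the
   pathname semantics beside the plain-glob semantics they replaced, and
   applying the pattern to every sudoedit argument; that every argument
   must match is an assumption made here for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* Pathname semantics: '*' and '?' never match '/', so "/etc/*" covers
 * /etc/motd but not /etc/security/default. */
static int
sudoedit_path_allowed(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

/* Plain glob semantics for comparison: '*' spans directory separators. */
static int
legacy_path_allowed(const char *pattern, const char *path)
{
    return fnmatch(pattern, path, 0) == 0;
}

/* sudoedit's arguments are all pathnames; here every one of them must be
 * permitted by the pattern for the invocation to be allowed (assumption
 * made for this example).  An empty argument list is refused. */
static int
sudoedit_args_allowed(const char *pattern, const char *const *args, size_t nargs)
{
    size_t i;

    if (nargs == 0)
        return 0;
    for (i = 0; i < nargs; i++) {
        if (!sudoedit_path_allowed(pattern, args[i]))
            return 0;
    }
    return 1;
}

/* Constructed sample invocations against the entry "sudoedit /etc/*". */
static int
sample_single_file_allowed(void)
{
    const char *const args[] = { "/etc/motd" };

    return sudoedit_args_allowed("/etc/*", args, 1);
}

static int
sample_mixed_files_allowed(void)
{
    const char *const args[] = { "/etc/motd", "/etc/security/default" };

    return sudoedit_args_allowed("/etc/*", args, 2);
}

int
main(void)
{
    const char *pat = "/etc/*";
    const char *deep = "/etc/security/default";

    printf("%s vs %s: pathname=%d legacy=%d\n", pat, deep,
        sudoedit_path_allowed(pat, deep), legacy_path_allowed(pat, deep));
    printf("single file allowed: %d\n", sample_single_file_allowed());
    printf("mixed files allowed: %d\n", sample_mixed_files_allowed());
    return 0;
}
```

   Because one argument outside the permitted tree makes the whole
   invocation fail, an entry for "/etc/*" cannot be widened by mixing an
   allowed file with a disallowed one on the same command line.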
                    836: 
                    837:  * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
                    838:    compatibility with OpenLDAP configuration files.
                    839: 
                    840:  * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
                    841: 
                    842:  * The I/O log directory may now be specified in the sudoers file.
                    843: 
                    844:  * Sudo will no longer refuse to run if the sudoers file is writable
                    845:    by root.
                    846: 
                    847:  * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
                    848:    after validating the command so the sudoers entries do not need
                    849:    to include the backslashes.
                    850: 
                    851:  * Logging and email sending are now done in the locale specified
                    852:    by the "sudoers_locale" setting ("C" by default).  Email sent by
                    853:    sudo now includes MIME headers when "sudoers_locale" is not "C".
                    854: 
                    855:  * The configure script has a new option, --disable-env-reset, to
                    856:    allow one to change the default for the sudoers Default setting
                    857:    "env_reset" at compile time.
                    858: 
                    859:  * When logging "sudo -l command", sudo will now prepend "list "
                    860:    to the command in the log line to distinguish it from an
                    861:    actual command invocation in the logs.
                    862: 
                    863:  * Double-quoted group and user names may now include escaped double
                    864:    quotes as part of the name.  Previously this was a parse error.
                    865: 
                    866:  * Sudo once again restores the state of the signal handlers it
                    867:    modifies before executing the command.  This allows sudo to be
                    868:    used with the nohup command.
                    869: 
                    870:  * Resuming a suspended shell now works properly when I/O logging
                    871:    is not enabled (the I/O logging case was already correct).
                    872: 
                    873: What's new in Sudo 1.7.4p6?
                    874: 
                    875:  * A bug has been fixed in the I/O logging support that could cause
                    876:    visual artifacts in full-screen programs such as text editors.
                    877: 
                    878: What's new in Sudo 1.7.4p5?
                    879: 
                    880:  * A bug has been fixed that would allow a command to be run without the
                    881:    user entering a password when sudo's -g flag is used without the -u flag.
                    882: 
                    883:  * If the user has no supplementary groups, sudo will now fall back on checking
                    884:    the group file explicitly, which restores historic sudo behavior.
                    885: 
                    886:  * A crash has been fixed when sudo's -g flag is used without the -u flag
                    887:    and the sudoers file contains an entry with no runas user or group listed.
                    888: 
                    889:  * A crash has been fixed when the Solaris project support is enabled
                    890:    and sudo's -g flag is used without the -u flag.
                    891: 
                    892:  * Sudo no longer exits with an error when support for auditing is
                    893:    compiled in but auditing is not enabled.
                    894: 
                    895:  * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
                    896:    being honored when the "targetpw" sudoers Defaults option was enabled.
                    897: 
                    898:  * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
                    899: 
                    900:  * A crash has been fixed in "sudo -l" when sudo is built with auditing
                    901:    support and the user is not allowed to run any commands on the host.
                    902: 
                    903: What's new in Sudo 1.7.4p4?
                    904: 
                    905:  * A potential security issue has been fixed with respect to the handling
                    906:    of sudo's -g command line option when -u is also specified.  The flaw
                    907:    may allow an attacker to run commands as a user that is not authorized
                    908:    by the sudoers file.
                    909: 
                    910:  * A bug has been fixed where "sudo -l" output was incomplete if multiple
                    911:    sudoers sources were defined in nsswitch.conf and there was an error
                    912:    querying one of the sources.
                    913: 
                    914:  * The log_input, log_output, and use_pty sudoers options now work correctly
                    915:    on AIX.  Previously, sudo would hang if they were enabled.
                    916: 
                    917:  * The "make install" target now works correctly when sudo is built in a
                    918:    directory other than the source directory.
                    919: 
                    920:  * The "runas_default" sudoers setting now works properly in a per-command
                    921:    Defaults line.
                    922: 
                    923:  * Suspending and resuming the bash shell when PAM is in use now works
                    924:    correctly.  The SIGCONT signal was not propagated to the child process.
                    925: 
                    926: What's new in Sudo 1.7.4p3?
                    927: 
                    928:  * A bug has been fixed where duplicate HOME environment variables could be
                    929:    present when the env_reset setting was disabled and the always_set_home
                    930:    setting was enabled in sudoers.
                    931: 
                    932:  * The value of sysconfdir is now substituted into the path to the sudoers.d
                    933:    directory in the installed sudoers file.
                    934: 
                    935:  * Compilation problems on IRIX and other platforms have been fixed.
                    936: 
                    937:  * If multiple PAM "auth" actions are specified and the user enters ^C at
                    938:    the password prompt, sudo will no longer prompt for a password for any
                    939:    subsequent "auth" actions.  Previously it was necessary to enter ^C for
                    940:    each "auth" action.
                    941: 
                    942: What's new in Sudo 1.7.4p2?
                    943: 
                    944:  * A bug where sudo could spin in a busy loop waiting for the child process
                    945:    has been fixed.
                    946: 
                    947: What's new in Sudo 1.7.4p1?
                    948: 
                    949:  * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
                    950:    functioning when the tty_tickets sudoers option is enabled has been fixed.
                    951: 
                    952:  * Sudo no longer prints a warning when the -k or -K options are specified
                    953:    and the ticket file does not exist.
                    954: 
                    955:  * It is now easier to cross-compile sudo.
                    956: 
                    957: What's new in Sudo 1.7.4?
                    958: 
                    959:  * Sudoedit will now preserve the file extension in the name of the
                    960:    temporary file being edited.  The extension is used by some
                    961:    editors (such as emacs) to choose the editing mode.
                    962: 
                    963:  * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
                    964:    /var/lib/sudo or /var/adm/sudo.  The directories are checked for
                    965:    existence in that order.  This prevents users from receiving the
                    966:    sudo lecture every time the system reboots.  Time stamp files older
                    967:    than the boot time are ignored on systems where it is possible to
                    968:    determine this.
                    969: 
                    970:  * The tty_tickets sudoers option is now enabled by default.
                    971: 
                    972:  * Ancillary documentation (README files, LICENSE, etc) is now installed
                    973:    in a sudo documentation directory.
                    974: 
                    975:  * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
                    976:    in ldap.conf.
                    977: 
                    978:  * Defaults settings that are tied to a user, host or command may
                    979:    now include the negation operator.  For example:
                    980:        Defaults:!millert lecture
                    981:    will match any user but millert.
                    982: 
                     983:  * The default PATH environment variable, used when no PATH variable
                     984:    exists, now includes /usr/sbin and /sbin.
                    985: 
                    986:  * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
                    987:    for cross-platform packing.
                    988: 
                    989:  * On Linux, sudo will now restore the nproc resource limit before
                    990:    executing a command, unless the limit appears to have been modified
                    991:    by pam_limits.  This avoids a problem with bash scripts that open
                    992:    more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
                    993:    will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
                    994: 
                    995:  * The HOME and MAIL environment variables are now reset based on the
                    996:    target user's password database entry when the env_reset sudoers option
                    997:    is enabled (which is the case in the default configuration).  Users
                    998:    wishing to preserve the original values should use a sudoers entry like:
                    999:        Defaults env_keep += HOME
                   1000:    to preserve the old value of HOME and
                   1001:        Defaults env_keep += MAIL
                   1002:    to preserve the old value of MAIL.
                   1003: 
                   1004:  * Fixed a problem in the restoration of the AIX authdb registry setting.
                   1005: 
                   1006:  * Sudo will now fork(2) and wait until the command has completed before
                   1007:    calling pam_close_session().
                   1008: 
                   1009:  * The default syslog facility is now "authpriv" if the operating system
                   1010:    supports it, else "auth".
                   1011: 
                   1012: What's new in Sudo 1.7.3?
                   1013: 
                   1014:  * Support for logging I/O for the command being run.
                   1015:    For more information, see the documentation for the "log_input"
                   1016:    and "log_output" Defaults options in the sudoers manual.  Also
                   1017:    see the sudoreplay manual for how to replay I/O log sessions.
                   1018: 
                   1019:  * The use_pty sudoers option can be used to force a command to be
                   1020:    run in a pseudo-pty, even when I/O logging is not enabled.
                   1021: 
                   1022:  * On some systems, sudo can now detect when a user has logged out
                   1023:    and back in again when tty-based time stamps are in use.  Supported
                   1024:    systems include Solaris systems with the devices file system,
                   1025:    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
                   1026:    only).
                   1027: 
                    1028:  * On AIX systems, the registry setting in /etc/security/user is
                    1029:    now taken into account when looking up users and groups.  Sudo
                    1030:    now applies the correct user and group ids when running a
                    1031:    command as a user whose account details come from a different
                    1032:    source (e.g. LDAP or DCE vs. local files).
                   1033: 
                   1034:  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
                   1035:    When multiple entries are listed, sudo will try each one in the
                   1036:    order in which they are specified.
                   1037: 
                   1038:  * Sudo's SELinux support should now function correctly when running
                   1039:    commands as a non-root user and when one of stdin, stdout or stderr
                   1040:    is not a terminal.
                   1041: 
                    1042:  * Sudo will now use the Linux audit system when configured with
                    1043:    the --with-linux-audit flag.
                   1044: 
                   1045:  * Sudo now uses mbr_check_membership() on systems that support it
                   1046:    to determine group membership.  Currently, only Darwin (Mac OS X)
                   1047:    supports this.
                   1048: 
                   1049:  * When the tty_tickets sudoers option is enabled but there is no
                   1050:    terminal device, sudo will no longer use or create a tty-based
                   1051:    ticket file.  Previously, sudo would use a tty name of "unknown".
                   1052:    As a consequence, if a user has no terminal device, sudo will
                   1053:    now always prompt for a password.
                   1054: 
                   1055:  * The passwd_timeout and timestamp_timeout options may now be
                   1056:    specified as floating point numbers for more granular timeout
                   1057:    values.
                   1058: 
                   1059:  * Negating the fqdn option in sudoers now works correctly when sudo
                   1060:    is configured with the --with-fqdn option.  In previous versions
                   1061:    of sudo the fqdn was set before sudoers was parsed.
                   1062: 
                   1063: What's new in Sudo 1.7.2?
                   1064: 
                   1065:  * A new #includedir directive is available in sudoers.  This can be
                   1066:    used to implement an /etc/sudo.d directory.  Files in an includedir
                   1067:    are not edited by visudo unless they contain a syntax error.
                   1068: 
                   1069:  * The -g option did not work properly when only setting the group
                   1070:    (and not the user).  Also, in -l mode the wrong user was displayed
                   1071:    for sudoers entries where only the group was allowed to be set.
                   1072: 
                   1073:  * Fixed a problem with the alias checking in visudo which
                   1074:    could prevent visudo from exiting.
                   1075: 
                   1076:  * Sudo will now correctly parse the shell-style /etc/environment
                   1077:    file format used by pam_env on Linux.
                   1078: 
                   1079:  * When doing password and group database lookups, sudo will only
                   1080:    cache an entry by name or by id, depending on how the entry was
                   1081:    looked up.  Previously, sudo would cache by both name and id
                   1082:    from a single lookup, but this breaks sites that have multiple
                   1083:    password or group database names that map to the same uid or
                   1084:    gid.
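
   The cache change described above, as an added example that is not part
   of sudo's own code: a constructed passwd table in which two account
   names ("root" and "toor") share uid 0, and a lookup cache that either
   fills both the name and uid keys from a single lookup (the pre-1.7.2
   behaviour) or only the key that was actually used (the 1.7.2 behaviour).
   The table, the getpwnam()/getpwuid() stand-ins and the class names are
   all constructed for this demonstration.

```python
from typing import Dict, List, NamedTuple, Optional


class Passwd(NamedTuple):
    name: str
    uid: int
    gid: int


# Constructed passwd database (not a real system file).  Two names map
# to uid 0; like the C library, lookup by uid returns the first match.
PASSWD_DB: List[Passwd] = [
    Passwd("root", 0, 0),
    Passwd("toor", 0, 0),          # second name for uid 0
    Passwd("millert", 1000, 1000),
]


def getpwnam(name: str) -> Optional[Passwd]:
    """Stand-in for getpwnam(3) over the constructed table."""
    return next((pw for pw in PASSWD_DB if pw.name == name), None)


def getpwuid(uid: int) -> Optional[Passwd]:
    """Stand-in for getpwuid(3): first entry carrying that uid."""
    return next((pw for pw in PASSWD_DB if pw.uid == uid), None)


class PasswdCache:
    """cache_both=True mimics the pre-1.7.2 cache, which stored every
    entry under both its name and its uid from a single lookup.
    cache_both=False mimics 1.7.2: cache only by the key looked up."""

    def __init__(self, cache_both: bool) -> None:
        self.cache_both = cache_both
        self.by_name: Dict[str, Passwd] = {}
        self.by_uid: Dict[int, Passwd] = {}

    def lookup_name(self, name: str) -> Optional[Passwd]:
        pw = self.by_name.get(name)
        if pw is None and (pw := getpwnam(name)) is not None:
            self.by_name[name] = pw
            if self.cache_both:
                self.by_uid[pw.uid] = pw   # uid 0 now resolves to "toor"
        return pw

    def lookup_uid(self, uid: int) -> Optional[Passwd]:
        pw = self.by_uid.get(uid)
        if pw is None and (pw := getpwuid(uid)) is not None:
            self.by_uid[uid] = pw
            if self.cache_both:
                self.by_name[pw.name] = pw
        return pw


def uid0_name_after_toor_lookup(cache_both: bool) -> str:
    """Resolve 'toor' by name first, then ask the cache who uid 0 is."""
    cache = PasswdCache(cache_both)
    cache.lookup_name("toor")
    return cache.lookup_uid(0).name
```

   With the old dual-key cache the name lookup of "toor" makes uid 0
   answer "toor"; with the 1.7.2 cache the uid lookup still goes to the
   database and returns "root", as getpwuid() would.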
                   1085: 
                   1086:  * User and group names in sudoers may now be enclosed in double
                   1087:    quotes to avoid having to escape special characters.
                   1088: 
                   1089:  * BSM audit fixes when changing to a non-root uid.
                   1090: 
                   1091:  * Experimental non-Unix group support.  Currently only works with
                   1092:    Quest Authorization Services and allows Active Directory groups
                   1093:    fixes for Minix-3.
                   1094: 
                    1095:  * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
                    1096:    paths may be specified as a directory or a file.  However, version
                    1097:    5.0 of the SDK only appears to support using a directory (despite
                    1098:    documentation to the contrary).  If SSL client initialization
                    1099:    fails and the certificate or key paths look like they could be
                    1100:    default file names, sudo strips off the last path element and
                    1101:    tries again.
                   1101: 
                   1102:  * A setenv() compatibility fix for Linux systems, where a NULL
                   1103:    value is treated the same as an empty string and the variable
                   1104:    name is checked against the NULL pointer.
                   1105: 
                   1106: What's new in Sudo 1.7.1?
                   1107: 
                   1108:  * A new Defaults option "pwfeedback" will cause sudo to provide visual
                   1109:    feedback when the user is entering a password.
                   1110: 
                    1111:  * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
                    1112:    function for file name globbing instead of glob().  When this option
                    1113:    is enabled, sudo will not check the file system when expanding wildcards.
                    1114:    This is faster, but a side effect is that relative paths with wildcards
                    1115:    will no longer work.
                   1116: 
                   1117:  * New BSM audit support for systems that support it such as FreeBSD
                   1118:    and Mac OS X.
                   1119: 
                    1120:  * The file name specified with the #include directive may now include
                    1121:    a %h escape which is expanded to the short form of the hostname.
                   1122: 
                   1123:  * The -k flag may now be specified along with a command, causing the
                   1124:    user's timestamp file to be ignored.
                   1125: 
                   1126:  * New support for Tivoli-based LDAP START_TLS, present in AIX.
                   1127: 
                   1128:  * New support for /etc/netsvc.conf on AIX.
                   1129: 
                   1130:  * The unused alias checks in visudo now handle the case of an alias
                   1131:    referring to another alias.
                   1132: 
                   1133: What's new in Sudo 1.7.0?
                   1134: 
                   1135:  * Rewritten parser that converts sudoers into a set of data structures.
                   1136:    This eliminates a number of ordering issues and makes it possible to
                   1137:    apply sudoers Defaults entries before searching for the command.
                   1138:    It also adds support for per-command Defaults specifications.
                   1139: 
                   1140:  * Sudoers now supports a #include facility to allow the inclusion of other
                   1141:    sudoers-format files.
                   1142: 
                   1143:  * Sudo's -l (list) flag has been enhanced:
                   1144:     o applicable Defaults options are now listed
                   1145:     o a command argument can be specified for testing whether a user
                   1146:       may run a specific command.
                    1147:     o a new -U flag can be used in conjunction with "sudo -l" to allow
                    1148:       root (or a user with "sudo ALL") to list another user's privileges.
                   1149: 
                   1150:  * A new -g flag has been added to allow the user to specify a
                   1151:    primary group to run the command as.  The sudoers syntax has been
                   1152:    extended to include a group section in the Runas specification.
                   1153: 
                   1154:  * A uid may now be used anywhere a username is valid.
                   1155: 
                   1156:  * The "secure_path" run-time Defaults option has been restored.
                   1157: 
                   1158:  * Password and group data is now cached for fast lookups.
                   1159: 
                   1160:  * The file descriptor at which sudo starts closing all open files is now
                   1161:    configurable via sudoers and, optionally, the command line.
                   1162: 
                   1163:  * Visudo will now warn about aliases that are defined but not used.
                   1164: 
                   1165:  * The -i and -s command line flags now take an optional command
                   1166:    to be run via the shell.  Previously, the argument was passed
                   1167:    to the shell as a script to run.
                   1168: 
                    1169:  * Improved LDAP support.  SASL authentication may now be used
                    1170:    when connecting to an LDAP server.  The krb5_ccname
                    1171:    parameter in ldap.conf may be used to enable Kerberos.
                   1172: 
                   1173:  * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
                   1174:    to specify the sudoers order.  E.g.:
                   1175:        sudoers: ldap files
                   1176:    to check LDAP, then /etc/sudoers.  The default is "files", even
                   1177:    when LDAP support is compiled in.  This differs from sudo 1.6
                   1178:    where LDAP was always consulted first.
                   1179: 
                   1180:  * Support for /etc/environment on AIX and Linux.  If sudo is run
                   1181:    with the -i flag, the contents of /etc/environment are used to
                   1182:    populate the new environment that is passed to the command being
                   1183:    run.
                   1184: 
                   1185:  * If no terminal is available or if the new -A flag is specified,
                   1186:    sudo will use a helper program to read the password if one is
                   1187:    configured.  Typically, this is a graphical password prompter
                   1188:    such as ssh-askpass.
                   1189: 
                    1190:  * A new Defaults option, "mailfrom", sets the value of the
                    1191:    "From:" field in the warning/error mail.  If unspecified, the
                    1192:    login name of the invoking user is used.
                   1193: 
                    1194:  * A new Defaults option, "env_file", refers to a file containing
                    1195:    environment variables to be set in the command being run.
                   1196: 
                   1197:  * A new flag, -n, may be used to indicate that sudo should not
                   1198:    prompt the user for a password and, instead, exit with an error
                   1199:    if authentication is required.
                   1200: 
                   1201:  * If sudo needs to prompt for a password and it is unable to disable
                   1202:    echo (and no askpass program is defined), it will refuse to run
                   1203:    unless the "visiblepw" Defaults option has been specified.
                   1204: 
                   1205:  * Prior to version 1.7.0, hitting enter/return at the Password: prompt
                   1206:    would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
                   1207:    an empty password.  To exit sudo, the user must press ^C or ^D
                   1208:    at the prompt.
                   1209: 
                   1210:  * visudo will now check the sudoers file owner and mode in -c (check)
                   1211:    mode when the -s (strict) flag is specified.
                   1212: 
                   1213:  * A new Defaults option "umask_override" will cause sudo to set the
                   1214:    umask specified in sudoers even if it is more permissive than the
                   1215:    invoking user's umask.