File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / NEWS
Revision 1.1.1.6 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Sun Jun 15 16:12:53 2014 UTC (10 years, 6 months ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_10p3_0, v1_8_10p3, HEAD
sudo v 1.8.10p3

    1: What's new in Sudo 1.8.10p3?
    2: 
    3:  * Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
    4:    runaspw or targetpw is set.  Bug #639
    5: 
    6:  * Fixed matching of uids and gids which was broken in version 1.8.9.
    7:    Bug #640
    8: 
    9:  * PAM credential initialization has been re-enabled.  It was
   10:    unintentionally disabled by default in version 1.8.8.  The way
   11:    credentials are initialized has also been fixed.  Bug #642.
   12: 
   13:  * Fixed a descriptor leak on Linux when determing boot time.  Sudo
   14:    normally closes extra descriptors before running a command so
   15:    the impact is limited.  Bug #645
   16: 
   17:  * Fixed flushing of the last buffer of data when I/O logging is
   18:    enabled.  This bug, introduced in version 1.8.9, could cause
   19:    incomplete command output on some systems.  Bug #646
   20: 
   21: What's new in Sudo 1.8.10p2?
   22: 
   23:  * Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
   24:    is set to zero.
   25: 
   26: What's new in Sudo 1.8.10p1?
   27: 
   28:  * Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
   29:    of tty-based tickets.
   30: 
   31:  * Fixed a bug with netgated commands in "sudo -l command" that
   32:    could cause the command to be listed even when it was explicitly
   33:    denied.  This only affected list mode when a command was specified.
   34:    Bug #636
   35: 
   36: What's new in Sudo 1.8.10?
   37: 
   38:  * It is now possible to disable network interface probing in
   39:    sudo.conf by changing the value of the probe_interfaces
   40:    setting.
   41: 
   42:  * When listing a user's privileges (sudo -l), the sudoers plugin
   43:    will now prompt for the user's password even if the targetpw,
   44:    rootpw or runaspw options are set.
   45: 
   46:  * The sudoers plugin uses a new format for its time stamp files.
   47:    Each user now has a single file which may contain multiple records
   48:    when per-tty time stamps are in use (the default).  The time
   49:    stamps use a monotonic timer where available and are once again
   50:    located in a directory under /var/run.  The lecture status is
   51:    now stored separately from the time stamps in a different directory.
   52:    Bug #616
   53: 
   54:  * sudo's -K option will now remove all of the user's time stamps,
   55:    not just the time stamp for the current terminal.  The -k option
   56:    can be used to only disable time stamps for the current terminal.
   57: 
   58:  * If sudo was started in the background and needed to prompt for
   59:    a password, it was not possible to suspend it at the password
   60:    prompt.  This now works properly.
   61: 
   62:  * LDAP-based sudoers now uses a default search filter of
   63:    (objectClass=sudoRole) for more efficient queries.  The netgroup
   64:    query has been modified to avoid falling below the minimum length
   65:    for OpenLDAP substring indices.
   66: 
   67:  * The new "use_netgroups" sudoers option can be used to explicitly
   68:    enable or disable netgroups support.  For LDAP-based sudoers,
   69:    netgroup support requires an expensive substring match on the
   70:    server.  If netgroups are not needed, this option can be disabled
   71:    to reduce the load on the LDAP server.
   72: 
   73:  * Sudo is once again able to open the sudoers file when the group
   74:    on sudoers doesn't match the expected value, so long as the file
   75:    is not group writable.
   76: 
   77:  * Sudo now installs an init.d script to clear the time stamp
   78:    directory at boot time on AIX and HP-UX systems.  These systems
   79:    either lack /var/run or do not clear it on boot.
   80: 
   81:  * The JSON format used by "visudo -x" now properly supports the
   82:    negation operator.  In addition, the Options object is now the
   83:    same for both Defaults and Cmnd_Specs.
   84: 
   85:  * Czech and Serbian translations for sudoers from translationproject.org.
   86: 
   87:  * Catalan translation for sudo from translationproject.org.
   88: 
   89: What's new in Sudo 1.8.9p5?
   90: 
   91:  * Fixed a compilation error on AIX when LDAP support is enabled.
   92: 
   93:  * Fixed parsing of the "umask" defaults setting in sudoers.  Bug #632.
   94: 
   95:  * Fixed a failed assertion when the "closefrom_override" defaults
   96:    setting is enabled in sudoers and sudo's -C flag is used.  Bug #633.
   97: 
   98: What's new in Sudo 1.8.9p4?
   99: 
  100:  * Fixed a bug where sudo could consume large amounts of CPU while
  101:    the command was running when I/O logging is not enabled.  Bug #631
  102: 
  103:  * Fixed a bug where sudo would exit with an error when the debug
  104:    level is set to util@debug or all@debug and I/O logging is not
  105:    enabled.  The command would continue runnning after sudo exited.
  106: 
  107: What's new in Sudo 1.8.9p3?
  108: 
  109:  * Fixed a bug introduced in sudo 1.8.9 that prevented the tty name
  110:    from being resolved properly on Linux systems.  Bug #630.
  111: 
  112: What's new in Sudo 1.8.9p2?
  113: 
  114:  * Updated config.guess, config.sub and libtool to support the ppc64le
  115:    architecture (IBM PowerPC Little Endian).
  116: 
  117: What's new in Sudo 1.8.9p1?
  118: 
  119:  * Fixed a problem with gcc 4.8's handling of bit fields that could
  120:    lead to the noexec flag being enabled even when it was not
  121:    explicitly set.
  122: 
  123: What's new in Sudo 1.8.9?
  124: 
  125:  * Reworked sudo's main event loop to use a simple event subsystem
  126:    using poll(2) or select(2) as the back end.
  127: 
  128:  * It is now possible to statically compile the sudoers plugin into
  129:    the sudo binary without disabling shared library support.  The
  130:    sudo.conf file may still be used to configure other plugins.
  131: 
  132:  * Sudo can now be compiled again with a C preprocessor that does
  133:    not support variadic macros.
  134: 
  135:  * Visudo can now export a sudoers file in JSON format using the
  136:    new -x flag.
  137: 
  138:  * The locale is now set correctly again for visudo and sudoreplay.
  139: 
  140:  * The plugin API has been extended to allow the plugin to exclude
  141:    specific file descriptors from the "closefrom" range.
  142: 
  143:  * There is now a workaround for a Solaris-specific problem where
  144:    NOEXEC was overriding traditional root DAC behavior.
  145: 
  146:  * Add user netgroup filtering for SSSD. Previously, rules for
  147:    a netgroup were applied to all even when they did not belong
  148:    to the specified netgroup.
  149: 
  150:  * On systems with BSD login classes, if the user specified a group
  151:    (not a user) to run the command as, it was possible to specify
  152:    a different login class even when the command was not run as the
  153:    super user.
  154: 
  155:  * The closefrom() emulation on Mac OS X now uses /dev/fd if possible.
  156: 
  157:  * Fixed a bug where sudoedit would not update the original file
  158:    from the temporary when PAM or I/O logging is not enabled.
  159: 
  160:  * When recycling I/O logs, the log files are now truncated properly.
  161: 
  162:  * Fixes bugs #617, #621, #622, #623, #624, #625, #626
  163: 
  164: What's new in Sudo 1.8.8?
  165: 
  166:  * Removed a warning on PAM systems with stacked auth modules
  167:    where the first module on the stack does not succeed.
  168: 
  169:  * Sudo, sudoreplay and visudo now support GNU-style long options.
  170: 
  171:  * The -h (--host) option may now be used to specify a host name.
  172:    This is currently only used by the sudoers plugin in conjunction
  173:    with the -l (--list) option.
  174: 
  175:  * Program usage messages and manual SYNOPSIS sections have been
  176:    simplified.
  177: 
  178:  * Sudo's LDAP SASL support now works properly with Kerberos.
  179:    Previously, the SASL library was unable to locate the user's
  180:    credential cache.
  181: 
  182:  * It is now possible to set the nproc resource limit to unlimited
  183:    via pam_limits on Linux (bug #565).
  184: 
  185:  * New "pam_service" and "pam_login_service" sudoers options
  186:    that can be used to specify the PAM service name to use.
  187: 
  188:  * New "pam_session" and "pam_setcred" sudoers options that
  189:    can be used to disable PAM session and credential support.
  190: 
  191:  * The sudoers plugin now properly supports UIDs and GIDs
  192:    that are larger than 0x7fffffff on 32-bit platforms.
  193: 
  194:  * Fixed a visudo bug introduced in sudo 1.8.7 where per-group
  195:    Defaults entries would cause an internal error.
  196: 
  197:  * If the "tty_tickets" sudoers option is enabled (the default),
  198:    but there is no tty present, sudo will now use a ticket file
  199:    based on the parent process ID.  This makes it possible to support
  200:    the normal timeout behavior for the session.
  201: 
  202:  * Fixed a problem running commands that change their process
  203:    group and then attempt to change the terminal settings when not
  204:    running the command in a pseudo-terminal.  Previously, the process
  205:    would receive SIGTTOU since it was effectively a background
  206:    process.  Sudo will now grant the child the controlling tty and
  207:    continue it when this happens.
  208: 
  209:  * The "closefrom_override" sudoers option may now be used in
  210:    a command-specified Defaults entry (bug #610).
  211: 
  212:  * Sudo's BSM audit support now works on Solaris 11.
  213: 
  214:  * Brazilian Portuguese translation for sudo and sudoers from
  215:    translationproject.org.
  216: 
  217:  * Czech translation for sudo from translationproject.org.
  218: 
  219:  * French translation for sudo from translationproject.org.
  220: 
  221:  * Sudo's noexec support on Mac OS X 10.4 and above now uses dynamic
  222:    symbol interposition instead of setting DYLD_FORCE_FLAT_NAMESPACE=1
  223:    which causes issues with some programs.
  224: 
  225:  * Fixed visudo's -q (--quiet) flag, broken in sudo 1.8.6.
  226: 
  227:  * Root may no longer change its SELinux role without entering
  228:    a password.
  229: 
  230:  * Fixed a bug introduced in Sudo 1.8.7 where the indexes written
  231:    to the I/O log timing file are two greater than they should be.
  232:    Sudoreplay now contains a work-around to parse those files.
  233: 
  234:  * In sudoreplay's list mode, the "this" qualifier in "fromdate"
  235:    or "todate" expressions now behaves more sensibly.  Previously,
  236:    it would often match a date that was "one more" than expected.
  237:    For example, "this week" now matches the current week instead
  238:    of the following week.
  239: 
  240: What's new in Sudo 1.8.7?
  241: 
  242:  * The non-Unix group plugin is now supported when sudoers data
  243:    is stored in LDAP.
  244: 
  245:  * Sudo now uses a workaround for a locale bug on Solaris 11.0
  246:    that prevents setuid programs like sudo from fully using locales.
  247: 
  248:  * User messages are now always displayed in the user's locale,
  249:    even when the same message is being logged or mailed in a
  250:    different locale.
  251: 
  252:  * Log files created by sudo now explicitly have the group set
  253:    to group ID 0 rather than relying on BSD group semantics (which
  254:    may not be the default).
  255: 
  256:  * A new "exec_background" sudoers option can be used to initially
  257:    run the command without read access to the terminal when running
  258:    a command in a pseudo-tty.  If the command tries to read from
  259:    the terminal it will be stopped by the kernel (via SIGTTIN or
  260:    SIGTTOU) and sudo will immediately restart it as the foreground
  261:    process (if possible).  This allows sudo to only pass terminal
  262:    input to the program if the program actually is expecting it.
  263:    Unfortunately, a few poorly-behaved programs (like "su" on most
  264:    Linux systems) do not handle SIGTTIN and SIGTTOU properly.
  265: 
  266:  * Sudo now uses an efficient group query to get all the groups
  267:    for a user instead of iterating over every record in the group
  268:    database on HP-UX and Solaris.
  269: 
  270:  * Sudo now produces better error messages when there is an error
  271:    in the sudo.conf file.
  272: 
  273:  * Two new settings have been added to sudo.conf to give the admin
  274:    better control of how group database queries are performed.  The
  275:    "group_source" specifies how the group list for a user will be
  276:    determined.  Legal values are "static" (use the kernel groups
  277:    list), "dynamic" (perform a group database query) and "adaptive"
  278:    (only perform a group database query if the kernel list is full).
  279:    The "max_groups" setting specifies the maximum number of groups
  280:    a user may belong to when performing a group database query.
  281: 
  282:  * The sudo.conf file now supports line continuation by using a
  283:    backslash as the last character on the line.
  284: 
  285:  * There is now a standalone sudo.conf manual page.
  286: 
  287:  * Sudo now stores its libexec files in a "sudo" sub-directory instead
  288:    of in libexec itself. For backwards compatibility, if the plugin
  289:    is not found in the default plugin directory, sudo will check
  290:    the parent directory if the default directory ends in "/sudo".
  291: 
  292:  * The sudoers I/O logging plugin now logs the terminal size.
  293: 
  294:  * A new sudoers option "maxseq" can be used to limit the number of
  295:    I/O log entries that are stored.
  296: 
  297:  * The "system_group" and "group_file" sudoers group provider plugins
  298:    are now installed by default.
  299: 
  300:  * The list output (sudo -l) output from the sudoers plugin is now
  301:    less ambiguous when an entry includes different runas users.
  302:    The long list output (sudo -ll) for file-based sudoers is now
  303:    more consistent with the format of LDAP-based sudoers.
  304: 
  305:  * A uid may now be used in the sudoRunAsUser attributes for LDAP
  306:    sudoers.
  307: 
  308:  * Minor plugin API change: the close and version functions are now
  309:    optional.  If the policy plugin does not provide a close function
  310:    and the command is not being run in a new pseudo-tty, sudo may
  311:    now execute the command directly instead of in a child process.
  312: 
  313:  * A new sudoers option "pam_session" can be used to disable sudo's
  314:    PAM session support.
  315: 
  316:  * On HP-UX systems, sudo will now use the pstat() function to
  317:    determine the tty instead of ttyname().
  318: 
  319:  * Turkish translation for sudo and sudoers from translationproject.org.
  320: 
  321:  * Dutch translation for sudo and sudoers from translationproject.org.
  322: 
  323:  * Tivoli Directory Server client libraries may now be used with
  324:    HP-UX where libibmldap has a hidden dependency on libCsup.
  325: 
  326:  * The sudoers plugin will now ignore invalid domain names when
  327:    checking netgroup membership.  Most Linux systems use the string
  328:    "(none)" for the NIS-style domain name instead of an empty string.
  329: 
  330:  * New support for specifying a SHA-2 digest along with the command
  331:    in sudoers.  Supported hash types are sha224, sha256, sha384 and
  332:    sha512.  See the description of Digest_Spec in the sudoers manual
  333:    or the description of sudoCommand in the sudoers.ldap manual for
  334:    details.
  335: 
  336:  * The paths to ldap.conf and ldap.secret may now be specified as
  337:    arguments to the sudoers plugin in the sudo.conf file.
  338: 
  339:  * Fixed potential false positives in visudo's alias cycle detection.
  340: 
  341:  * Fixed a problem where the time stamp file was being treated
  342:    as out of date on Linux systems where the change time on the
  343:    pseudo-tty device node can change after it is allocated.
  344: 
  345:  * Sudo now only builds Position Independent Executables (PIE)
  346:    by default on Linux systems and verifies that a trivial test
  347:    program builds and runs.
  348: 
  349:  * On Solaris 11.1 and higher, sudo binaries will now have the
  350:    ASLR tag enabled if supported by the linker.
  351: 
  352: What's new in Sudo 1.8.6p8?
  353: 
  354:  * Terminal detection now works properly on 64-bit AIX kernels.
  355:    This was broken by the removal of the ttyname() fallback in Sudo
  356:    1.8.6p6.  Sudo is now able to map an AIX 64-bit device number
  357:    to the corresponding device file in /dev.
  358: 
  359:  * Sudo now checks for crypt() returning NULL when performing
  360:    passwd-based authentication.
  361: 
  362: What's new in Sudo 1.8.6p7?
  363: 
  364:  * A time stamp file with the date set to the epoch by "sudo -k"
  365:    is now completely ignored regardless of what the local clock is
  366:    set to.  Previously, if the local clock was set to a value between
  367:    the epoch and the time stamp timeout value, a time stamp reset
  368:    by "sudo -k" would be considered current.
  369: 
  370:  * The tty-specific time stamp file now includes the session ID
  371:    of the sudo process that created it.  If a process with the same
  372:    tty but a different session ID runs sudo, the user will now be
  373:    prompted for a password (assuming authentication is required for
  374:    the command).
  375: 
  376: What's new in Sudo 1.8.6p6?
  377: 
  378:  * On systems where the controlling tty can be determined via /proc
  379:    or sysctl(), sudo will no longer fall back to using ttyname()
  380:    if the process has no controlling tty.  This prevents sudo from
  381:    using a non-controlling tty for logging and time stamp purposes.
  382: 
  383: What's new in Sudo 1.8.6p5?
  384: 
  385:  * Fixed a potential crash in visudo's alias cycle detection.
  386: 
  387:  * Improved performance on Solaris when retrieving the group list
  388:    for the target user.  On systems with a large number of groups
  389:    where the group database is not local (NIS, LDAP, AD), fetching
  390:    the group list could take a minute or more.
  391: 
  392: What's new in Sudo 1.8.6p4?
  393: 
  394:  * The -fstack-protector is now used when linking visudo, sudoreplay
  395:    and testsudoers.
  396: 
  397:  * Avoid building PIE binaries on FreeBSD/ia64 as they don't run
  398:    properly.
  399: 
  400:  * Fixed a crash in visudo strict mode when an unknown Defaults
  401:    setting is encountered.
  402: 
  403:  * Do not inform the user that the command was not permitted by the
  404:    policy if they do not successfully authenticate. This is a
  405:    regression introduced in sudo 1.8.6.
  406: 
  407:  * Allow sudo to be build with sss support without also including
  408:    ldap support.
  409: 
  410:  * Fix running commands that need the terminal in the background
  411:    when I/O logging is enabled. E.g. "sudo vi &". When the command
  412:    is foregrounded, it will now resume properly.
  413: 
  414: What's new in Sudo 1.8.6p3?
  415: 
  416:  * Fixed post-processing of the man pages on systems with legacy
  417:    versions of sed.
  418: 
  419:  * Fixed "sudoreplay -l" on Linux systems with file systems that
  420:    set DT_UNKNOWN in the d_type field of struct dirent.
  421: 
  422: What's new in Sudo 1.8.6p2?
  423: 
  424:  * Fixed suspending a command after it has already been resumed
  425:    once when I/O logging (or use_pty) is not enabled.
  426:    This was a regression introduced in version 1.8.6.
  427: 
  428: What's new in Sudo 1.8.6p1?
  429: 
  430:  * Fixed the setting of LOGNAME, USER and USERNAME variables in the
  431:    command's environment when env_reset is enabled (the default).
  432:    This was a regression introduced in version 1.8.6.
  433: 
  434:  * Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
  435: 
  436: What's new in Sudo 1.8.6?
  437: 
  438:  * Sudo is now built with the -fstack-protector flag if the the
  439:    compiler supports it.  Also, the -zrelro linker flag is used if
  440:    supported.  The --disable-hardening configure option can be used
  441:    to build sudo without stack smashing protection.
  442: 
  443:  * Sudo is now built as a Position Independent Executable (PIE)
  444:    if supported by the compiler and linker.
  445: 
  446:  * If the user is a member of the "exempt" group in sudoers, they
  447:    will no longer be prompted for a password even if the -k flag
  448:    is specified with the command.  This makes "sudo -k command"
  449:    consistent with the behavior one would get if the user ran "sudo
  450:    -k" immediately before running the command.
  451: 
  452:  * The sudoers file may now be a symbolic link.  Previously, sudo
  453:    would refuse to read sudoers unless it was a regular file.
  454: 
  455:  * The sudoreplay command can now properly replay sessions where
  456:    no tty was present.
  457: 
  458:  * The sudoers plugin now takes advantage of symbol visibility
  459:    controls when supported by the compiler or linker.  As a result,
  460:    only a small number of symbols are exported which significantly
  461:    reduces the chances of a conflict with other shared objects.
  462: 
  463:  * Improved support for the Tivoli Directory Server LDAP client
  464:    libraries.  This includes support for using LDAP over SSL (ldaps)
  465:    as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
  466:    ldap.conf options.  A new ldap.conf option, TLS_KEYPW can be
  467:    used to specify a password to decrypt the key database.
  468: 
  469:  * When constructing a time filter for use with LDAP sudoNotBefore
  470:    and sudoNotAfter attributes, the current time now includes tenths
  471:    of a second.  This fixes a problem with timed entries on Active
  472:    Directory.
  473: 
  474:  * If a user fails to authenticate and the command would be rejected
  475:    by sudoers, it is now logged with "command not allowed" instead
  476:    of "N incorrect password attempts".  Likewise, the "mail_no_perms"
  477:    sudoers option now takes precedence over "mail_badpass".
  478: 
  479:  * The sudo manuals are now formatted using the mdoc macros.  Versions
  480:    using the legacy man macros are provided for systems that lack mdoc.
  481: 
  482:  * New support for Solaris privilege sets.  This makes it possible
  483:    to specify fine-grained privileges in the sudoers file on Solaris
  484:    10 and above.  A Runas_Spec that contains no Runas_Lists can be
  485:    used to give a user the ability to run a command as themselves
  486:    but with an expanded privilege set.
  487: 
  488:  * Fixed a problem with the reboot and shutdown commands on some
  489:    systems (such as HP-UX and BSD).  On these systems, reboot sends
  490:    all processes (except itself) SIGTERM.  When sudo received
  491:    SIGTERM, it would relay it to the reboot process, thus killing
  492:    reboot before it had a chance to actually reboot the system.
  493: 
  494:  * Support for using the System Security Services Daemon (SSSD) as
  495:    a source of sudoers data.
  496: 
  497:  * Slovenian translation for sudo and sudoers from translationproject.org.
  498: 
  499:  * Visudo will now warn about unknown Defaults entries that are
  500:    per-host, per-user, per-runas or per-command.
  501: 
  502:  * Fixed a race condition that could cause sudo to receive SIGTTOU
  503:    (and stop) when resuming a shell that was run via sudo when I/O
  504:    logging (and use_pty) is not enabled.
  505: 
  506:  * Sending SIGTSTP directly to the sudo process will now suspend the
  507:    running command when I/O logging (and use_pty) is not enabled.
  508: 
  509: What's new in Sudo 1.8.5p3?
  510: 
  511:  * Fixed the loading of I/O plugins that conform to a plugin API
  512:    version older than 1.2.
  513: 
  514: What's new in Sudo 1.8.5p2?
  515: 
  516:  * Fixed use of the SUDO_ASKPASS environment variable which was
  517:    broken in Sudo 1.8.5.
  518: 
  519:  * Fixed a problem reading the sudoers file when the file mode is
  520:    more restrictive than the expected mode.  For example, when the
  521:    expected sudoers file mode is 0440 but the actual mode is 0400.
  522: 
  523: What's new in Sudo 1.8.5p1?
  524: 
  525:  * Fixed a bug that prevented files in an include directory from
  526:    being evaluated.
  527: 
  528: What's new in Sudo 1.8.5?
  529: 
  530:  * When "noexec" is enabled, sudo_noexec.so will now be prepended
  531:    to any existing LD_PRELOAD variable instead of replacing it.
  532: 
  533:  * The sudo_noexec.so shared library now wraps the execvpe(),
  534:    exect(), posix_spawn() and posix_spawnp() functions.
  535: 
  536:  * The user/group/mode checks on sudoers files have been relaxed.
  537:    As long as the file is owned by the sudoers uid, not world-writable
  538:    and not writable by a group other than the sudoers gid, the file
  539:    is considered OK.  Note that visudo will still set the mode to
  540:    the value specified at configure time.
  541: 
  542:  * It is now possible to specify the sudoers path, uid, gid and
  543:    file mode as options to the plugin in the sudo.conf file.
  544: 
  545:  * Croatian, Galician, German, Lithuanian, Swedish and Vietnamese
  546:    translations from translationproject.org.
  547: 
  548:  * /etc/environment is no longer read directly on Linux systems
  549:    when PAM is used.  Sudo now merges the PAM environment into the
  550:    user's environment which is typically set by the pam_env module.
  551: 
  552:  * The initial evironment created when env_reset is in effect now
  553:    includes the contents of /etc/environment on AIX systems and the
  554:    "setenv" and "path" entries from /etc/login.conf on BSD systems.
  555: 
  556:  * The plugin API has been extended in three ways.  First, options
  557:    specified in sudo.conf after the plugin pathname are passed to
  558:    the plugin's open function.  Second, sudo has limited support
  559:    for hooks that can be used by plugins.  Currently, the hooks are
  560:    limited to environment handling functions.  Third, the init_session
  561:    policy plugin function is passed a pointer to the user environment
  562:    which can be updated during session setup.  The plugin API version
  563:    has been incremented to version 1.2.  See the sudo_plugin manual
  564:    for more information.
  565: 
  566:  * The policy plugin's init_session function is now called by the
  567:    parent sudo process, not the child process that executes the
  568:    command.  This allows the PAM session to be open and closed in
  569:    the same process, which some PAM modules require.
  570: 
  571:  * Fixed parsing of "Path askpass" and "Path noexec" in sudo.conf,
  572:    which was broken in version 1.8.4.
  573: 
  574:  * On systems with an SVR4-style /proc file system, the /proc/pid/psinfo
  575:    file is now uses to determine the controlling terminal, if possible.
  576:    This allows tty-based tickets to work properly even when, e.g.
  577:    standard input, output and error are redirected to /dev/null.
  578: 
  579:  * The output of "sudoreplay -l" is now sorted by file name (or
  580:    sequence number).  Previously, entries were displayed in the
  581:    order in which they were found on the file system.
  582: 
  583:  * Sudo now behaves properly when I/O logging is enabled and the
  584:    controlling terminal is revoked (e.g. the running sshd is killed).
  585:    Previously, sudo may have exited without calling the I/O plugin's
  586:    close function which can lead to an incomplete I/O log.
  587: 
  588:  * Sudo can now detect when a user has logged out and back in again
  589:    on Solaris 11, just like it can on Solaris 10.
  590: 
  591:  * The built-in zlib included with Sudo has been upgraded to version
  592:    1.2.6.
  593: 
  594:  * Setting the SSL parameter to start_tls in ldap.conf now works
  595:    properly when using Mozilla-based SDKs that support the
  596:    ldap_start_tls_s() function.
  597: 
  598:  * The TLS_CHECKPEER parameter in ldap.conf now works when the
  599:    Mozilla NSS crypto backend is used with OpenLDAP.
  600: 
  601:  * A new group provider plugin, system_group, is included which
  602:    performs group look ups by name using the system groups database.
  603:    This can be used to restore the pre-1.7.3 sudo group lookup
  604:    behavior.
  605: 
  606: What's new in Sudo 1.8.4p5?
  607: 
  608:  * Fixed a bug when matching against an IP address with an associated
  609:    netmask in the sudoers file.  In certain circumstances, this
  610:    could allow users to run commands on hosts they are not authorized
  611:    for.
  612: 
  613: What's new in Sudo 1.8.4p4?
  614: 
  615:  * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v"
  616:    from working.
  617: 
  618: What's new in Sudo 1.8.4p3?
  619: 
  620:  * Fixed a crash on FreeBSD when no tty is present.
  621: 
  622:  * Fixed a bug introduced in Sudo 1.8.4 that allowed users to
  623:    specify environment variables to set on the command line without
  624:    having sudo "ALL" permissions or the "SETENV" tag.
  625: 
  626:  * When visudo is run with the -c (check) option, the sudoers
  627:    file(s) owner and mode are now also checked unless the -f option
  628:    was specified.
  629: 
  630: What's new in Sudo 1.8.4p2?
  631: 
  632:  * Fixed a bug introduced in Sudo 1.8.4 where insufficient space
  633:    was allocated for group IDs in the LDAP filter.
  634: 
  635:  * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf
  636:    was "/sudo.conf" instead of "/etc/sudo.conf".
  637: 
  638:  * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang
  639:    when I/O logging is enabled and input is from a pipe or file.
  640: 
  641: What's new in Sudo 1.8.4p1?
  642: 
  643:  * Fixed a bug introduced in sudo 1.8.4 that broke adding to or
  644:    deleting from the env_keep, env_check and env_delete lists in
  645:    sudoers on some platforms.
  646: 
  647: What's new in Sudo 1.8.4?
  648: 
  649:  * The -D flag in sudo has been replaced with a more general debugging
  650:    framework that is configured in sudo.conf.
  651: 
  652:  * Fixed a false positive in visudo strict mode when aliases are
  653:    in use.
  654: 
  655:  * Fixed a crash with "sudo -i" when a runas group was specified
  656:    without a runas user.
  657: 
  658:  * The line on which a syntax error is reported in the sudoers file
  659:    is now more accurate.  Previously it was often off by a line.
  660: 
  661:  * Fixed a bug where stack garbage could be printed at the end of
  662:    the lecture when the "lecture_file" option was enabled.
  663: 
  664:  * "make install" now honors the LINGUAS environment variable.
  665: 
  666:  * The #include and #includedir directives in sudoers now support
  667:    relative paths.  If the path is not fully qualified it is expected
  668:    to be located in the same directory of the sudoers file that is
  669:    including it.
  670: 
  671:  * Serbian and Spanish translations for sudo from translationproject.org.
  672: 
  673:  * LDAP-based sudoers may now access by group ID in addition to
  674:    group name.
  675: 
  676:  * visudo will now fix the mode on the sudoers file even if no changes
  677:    are made unless the -f option is specified.
  678: 
  679:  * The "use_loginclass" sudoers option works properly again.
  680: 
  681:  * On systems that use login.conf, "sudo -i" now sets environment
  682:    variables based on login.conf.
  683: 
  684:  * For LDAP-based sudoers, values in the search expression are now
  685:    escaped as per RFC 4515.
  686: 
  687:  * The plugin close function is now properly called when a login
  688:    session is killed (as opposed to the actual command being killed).
  689:    This can happen when an ssh session is disconnected or the
  690:    terminal window is closed.
  691: 
  692:  * The deprecated "noexec_file" sudoers option is no longer supported.
  693: 
  694:  * Fixed a race condition when I/O logging is not enabled that could
  695:    result in tty-generated signals (e.g. control-C) being received
  696:    by the command twice.
  697: 
  698:  * If none of the standard input, output or error are connected to
  699:    a tty device, sudo will now check its parent's standard input,
  700:    output or error for the tty name on systems with /proc and BSD
  701:    systems that support the KERN_PROC_PID sysctl.  This allows
  702:    tty-based tickets to work properly even when, e.g. standard
  703:    input, output and error are redirected to /dev/null.
  704: 
  705:  * Added the --enable-kerb5-instance configure option to allow
  706:    people using Kerberos V authentication to specify a custom
  707:    instance so the principal name can be, e.g. "username/sudo"
  708:    similar to how ksu uses "username/root".
  709: 
  710:  * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
  711:    the results, which would be incorrectly be interpreted as if the
  712:    sudoers file had specified a directory.
  713: 
  714:  * "visudo -c" will now list any include files that were checked
  715:    in addition to the main sudoers file when everything parses OK.
  716: 
  717:  * Users that only have read-only access to the sudoers file may
  718:    now run "visudo -c".  Previously, write permissions were required
  719:    even though no writing is down in check-only mode.
  720: 
  721:  * It is now possible to prevent the disabling of core dumps from
  722:    within sudo itself by adding a line to the sudo.conf file like
  723:    "Set disable_coredump false".
  724: 
  725: What's new in Sudo 1.8.3p2?
  726: 
  727:  * Fixed a format string vulnerability when the sudo binary (or a
  728:    symbolic link to the sudo binary) contains printf format escapes
  729:    and the -D (debugging) flag is used.
  730: 
  731: What's new in Sudo 1.8.3p1?
  732: 
  733:  * Fixed a crash in the monitor process on Solaris when NOPASSWD
  734:    was specified or when authentication was disabled.
  735: 
  736:  * Fixed matching of a Runas_Alias in the group section of a
  737:    Runas_Spec.
  738: 
  739: What's new in Sudo 1.8.3?
  740: 
  741:  * Fixed expansion of strftime() escape sequences in the "log_dir"
  742:    sudoers setting.
  743: 
  744:  * Esperanto, Italian and Japanese translations from translationproject.org.
  745: 
  746:  * Sudo will now use PAM by default on AIX 6 and higher.
  747: 
  748:  * Added --enable-werror configure option for gcc's -Werror flag.
  749: 
  750:  * Visudo no longer assumes all editors support the +linenumber
  751:    command line argument.  It now uses a whitelist of editors known
  752:    to support the option.
  753: 
  754:  * Fixed matching of network addresses when a netmask is specified
  755:    but the address is not the first one in the CIDR block.
  756: 
  757:  * The configure script now check whether or not errno.h declares
  758:    the errno variable.  Previously, sudo would always declare errno
  759:    itself for older systems that don't declare it in errno.h.
  760: 
  761:  * The NOPASSWD tag is now honored for denied commands too, which
  762:    matches historic sudo behavior (prior to sudo 1.7.0).
  763: 
  764:  * Sudo now honors the "DEREF" setting in ldap.conf which controls
  765:    how alias dereferencing is done during an LDAP search.
  766: 
  767:  * A symbol conflict with the pam_ssh_agent_auth PAM module that
  768:    would cause a crash been resolved.
  769: 
  770:  * The inability to load a group provider plugin is no longer
  771:    a fatal error.
  772: 
  773:  * A potential crash in the utmp handling code has been fixed.
  774: 
  775:  * Two PAM session issues have been resolved.  In previous versions
  776:    of sudo, the PAM session was opened as one user and closed as
  777:    another.  Additionally, if no authentication was performed, the
  778:    PAM session would never be closed.
  779: 
  780:  * Sudo will now work correctly with LDAP-based sudoers using TLS
  781:    or SSL on Debian systems.
  782: 
  783:  * The LOGNAME, USER and USERNAME environment variables are preserved
  784:    correctly again in sudoedit mode.
  785: 
  786: What's new in Sudo 1.8.2?
  787: 
  788:  * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
  789:    language support (NLS). This can be disabled by passing configure
  790:    the --disable-nls option.  Sudo will use gettext(), if available,
  791:    to display translated messages.  All translations are coordinated
  792:    via The Translation Project, http://translationproject.org/.
  793: 
  794:  * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
  795:    RTLD_LOCAL.  This fixes missing symbol problems in PAM modules
  796:    on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
  797: 
  798:  * I/O logging is now supported for commands run in background mode
  799:    (using sudo's -b flag).
  800: 
  801:  * Group ownership of the sudoers file is now only enforced when
  802:    the file mode on sudoers allows group readability or writability.
  803: 
  804:  * Visudo now checks the contents of an alias and warns about cycles
  805:    when the alias is expanded.
  806: 
  807:  * If the user specifies a group via sudo's -g option that matches
  808:    the target user's group in the password database, it is now
  809:    allowed even if no groups are present in the Runas_Spec.
  810: 
  811:  * The sudo Makefiles now have more complete dependencies which are
  812:    automatically generated instead of being maintained manually.
  813: 
  814:  * The "use_pty" sudoers option is now correctly passed back to the
  815:    sudo front end.  This was missing in previous versions of sudo
  816:    1.8 which prevented "use_pty" from being honored.
  817: 
  818:  * "sudo -i command" now works correctly with the bash version
  819:    2.0 and higher.  Previously, the .bash_profile would not be
  820:    sourced prior to running the command unless bash was built with
  821:    NON_INTERACTIVE_LOGIN_SHELLS defined.
  822: 
  823:  * When matching groups in the sudoers file, sudo will now match
  824:    based on the name of the group instead of the group ID. This can
  825:    substantially reduce the number of group lookups for sudoers
  826:    files that contain a large number of groups.
  827: 
  828:  * Multi-factor authentication is now supported on AIX.
  829: 
  830:  * Added support for non-RFC 4517 compliant LDAP servers that require
  831:    that seconds be present in a timestamp, such as Tivoli Directory Server.
  832: 
  833:  * If the group vector is to be preserved, the PATH search for the
  834:    command is now done with the user's original group vector.
  835: 
  836:  * For LDAP-based sudoers, the "runas_default" sudoOption now works
  837:    properly in a sudoRole that contains a sudoCommand.
  838: 
  839:  * Spaces in command line arguments for "sudo -s" and "sudo -i" are
  840:    now escaped with a backslash when checking the security policy.
  841: 
  842: What's new in Sudo 1.8.1p2?
  843: 
  844:  * Two-character CIDR-style IPv4 netmasks are now matched correctly
  845:    in the sudoers file.
  846: 
  847:  * A build error with MIT Kerberos V has been resolved.
  848: 
  849:  * A crash on HP-UX in the sudoers plugin when wildcards are
  850:    present in the sudoers file has been resolved.
  851: 
  852:  * Sudo now works correctly on Tru64 Unix again.
  853: 
  854: What's new in Sudo 1.8.1p1?
  855: 
  856:  * Fixed a problem on AIX where sudo was unable to set the final
  857:    uid if the PAM module modified the effective uid.
  858: 
  859:  * A non-existent includedir is now treated the same as an empty
  860:    directory and not reported as an error.
  861: 
  862:  * Removed extraneous parens in LDAP filter when sudoers_search_filter
  863:    is enabled that can cause an LDAP search error.
  864: 
  865:  * Fixed a "make -j" problem for "make install".
  866: 
  867: What's new in Sudo 1.8.1?
  868: 
  869:  * A new LDAP setting, sudoers_search_filter, has been added to
  870:    ldap.conf.  This setting can be used to restrict the set of
  871:    records returned by the LDAP query.  Based on changes from Matthew
  872:    Thomas.
  873: 
  874:  * White space is now permitted within a User_List when used in
  875:    conjunction with a per-user Defaults definition.
  876: 
  877:  * A group ID (%#gid) may now be specified in a User_List or Runas_List.
  878:    Likewise, for non-Unix groups the syntax is %:#gid.
  879: 
  880:  * Support for double-quoted words in the sudoers file has been fixed.
  881:    The change in 1.7.5 for escaping the double quote character
  882:    caused the double quoting to only be available at the beginning
  883:    of an entry.
  884: 
  885:  * The fix for resuming a suspended shell in 1.7.5 caused problems
  886:    with resuming non-shells on Linux.  Sudo will now save the process
  887:    group ID of the program it is running on suspend and restore it
  888:    when resuming, which fixes both problems.
  889: 
  890:  * A bug that could result in corrupted output in "sudo -l" has been
  891:    fixed.
  892: 
  893:  * Sudo will now create an entry in the utmp (or utmpx) file when
  894:    allocating a pseudo-tty (e.g. when logging I/O).  The "set_utmp"
  895:    and "utmp_runas" sudoers file options can be used to control this.
  896:    Other policy plugins may use the "set_utmp" and "utmp_user"
  897:    entries in the command_info list.
  898: 
  899:  * The sudoers policy now stores the TSID field in the logs
  900:    even when the "iolog_file" sudoers option is defined to a value
  901:    other than %{sessid}.  Previously, the TSID field was only
  902:    included in the log file when the "iolog_file" option was set
  903:    to its default value.
  904: 
  905:  * The sudoreplay utility now supports arbitrary session IDs.
  906:    Previously, it would only work with the base-36 session IDs
  907:    that the sudoers plugin uses by default.
  908: 
  909:  * Sudo now passes "run_shell=true" to the policy plugin in the
  910:    settings list when sudo's -s command line option is specified.
  911:    The sudoers policy plugin uses this to implement the "set_home"
  912:    sudoers option which was missing from sudo 1.8.0.
  913: 
  914:  * The "noexec" functionality has been moved out of the sudoers
  915:    policy plugin and into the sudo front-end, which matches the
  916:    behavior documented in the plugin writer's guide.  As a result,
  917:    the path to the noexec file is now specified in the sudo.conf
  918:    file instead of the sudoers file.
  919: 
  920:  * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
  921:    implement the "noexec" feature.  Previously, this was implemented
  922:    via the LD_PRELOAD environment variable.
  923: 
  924:  * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
  925:    have been fixed in the sudoers policy plugin.
  926: 
  927:  * The sudoers policy plugin now passes the login class, if any,
  928:    back to the sudo front-end.
  929: 
  930:  * The sudoers policy plugin was not being linked with requisite
  931:    libraries in certain configurations.
  932: 
  933:  * Sudo now parses command line arguments before loading any plugins.
  934:    This allows "sudo -V" or "sudo -h" to work even if there is a problem
  935:    with sudo.conf
  936: 
  937:  * Plugins are now linked with the static version of libgcc to allow
  938:    the plugin to run on a system where no shared libgcc is installed,
  939:    or where it is installed in a different location.
  940: 
  941: What's new in Sudo 1.8.0?
  942: 
  943:  * Sudo has been refactored to use a modular framework that can
  944:    support third-party policy and I/O logging plugins.  The default
  945:    plugin is "sudoers" which provides the traditional sudo functionality.
  946:    See the sudo_plugin manual for details on the plugin API and the
  947:    sample in the plugins directory for a simple example.
  948: 
  949: What's new in Sudo 1.7.5?
  950: 
  951:  * When using visudo in check mode, a file named "-" may be used to
  952:    check sudoers data on the standard input.
  953: 
  954:  * Sudo now only fetches shadow password entries when using the
  955:    password database directly for authentication.
  956: 
  957:  * Password and group entries are now cached using the same key
  958:    that was used to look them up.  This fixes a problem when looking
  959:    up entries by name if the name in the retrieved entry does not
  960:    match the name used to look it up.  This may happen on some systems
  961:    that do case insensitive lookups or that truncate long names.
  962: 
  963:  * GCC will no longer display warnings on glibc systems that use
  964:    the warn_unused_result attribute for write(2) and other system calls.
  965: 
  966:  * If a PAM account management module denies access, sudo now prints
  967:    a more useful error message and stops trying to validate the user.
  968: 
  969:  * Fixed a potential hang on idle systems when the sudo-run process
  970:    exits immediately.
  971: 
  972:  * Sudo now includes a copy of zlib that will be used on systems
  973:    that do not have zlib installed.
  974: 
  975:  * The --with-umask-override configure flag has been added to enable
  976:    the "umask_override" sudoers Defaults option at build time.
  977: 
  978:  * Sudo now unblocks all signals on startup to avoid problems caused
  979:    by the parent process changing the default signal mask.
  980: 
  981:  * LDAP Sudoers entries may now specify a time period for which
  982:    the entry is valid.  This requires an updated sudoers schema
  983:    that includes the sudoNotBefore and sudoNotAfter attributes.
  984:    Support for timed entries must be explicitly enabled in the
  985:    ldap.conf file.  Based on changes from Andreas Mueller.
  986: 
  987:  * LDAP Sudoers entries may now specify a sudoOrder attribute that
  988:    determines the order in which matching entries are applied.  The
  989:    last matching entry is used, just like file-based sudoers.  This
  990:    requires an updated sudoers schema that includes the sudoOrder
  991:    attribute.  Based on changes from Andreas Mueller.
  992: 
  993:  * When run as sudoedit, or when given the -e flag, sudo now treats
  994:    command line arguments as pathnames.  This means that slashes
  995:    in the sudoers file entry must explicitly match slashes in
  996:    the command line arguments.  As a result, and entry such as:
  997: 	user ALL = sudoedit /etc/*
  998:    will allow editing of /etc/motd but not /etc/security/default.
  999: 
 1000:  * NETWORK_TIMEOUT is now an alias for BIND_TIMELIMIT in ldap.conf for
 1001:    compatibility with OpenLDAP configuration files.
 1002: 
 1003:  * The LDAP API TIMEOUT parameter is now honored in ldap.conf.
 1004: 
 1005:  * The I/O log directory may now be specified in the sudoers file.
 1006: 
 1007:  * Sudo will no longer refuse to run if the sudoers file is writable
 1008:    by root.
 1009: 
 1010:  * Sudo now performs command line escaping for "sudo -s" and "sudo -i"
 1011:    after validating the command so the sudoers entries do not need
 1012:    to include the backslashes.
 1013: 
 1014:  * Logging and email sending are now done in the locale specified
 1015:    by the "sudoers_locale" setting ("C" by default).  Email send by
 1016:    sudo now includes MIME headers when "sudoers_locale" is not "C".
 1017: 
 1018:  * The configure script has a new option, --disable-env-reset, to
 1019:    allow one to change the default for the sudoers Default setting
 1020:    "env_reset" at compile time.
 1021: 
 1022:  * When logging "sudo -l command", sudo will now prepend "list "
 1023:    to the command in the log line to distinguish between an
 1024:    actual command invocation in the logs.
 1025: 
 1026:  * Double-quoted group and user names may now include escaped double
 1027:    quotes as part of the name.  Previously this was a parse error.
 1028: 
 1029:  * Sudo once again restores the state of the signal handlers it
 1030:    modifies before executing the command.  This allows sudo to be
 1031:    used with the nohup command.
 1032: 
 1033:  * Resuming a suspended shell now works properly when I/O logging
 1034:    is not enabled (the I/O logging case was already correct).
 1035: 
 1036: What's new in Sudo 1.7.4p6?
 1037: 
 1038:  * A bug has been fixed in the I/O logging support that could cause
 1039:    visual artifacts in full-screen programs such as text editors.
 1040: 
 1041: What's new in Sudo 1.7.4p5?
 1042: 
 1043:  * A bug has been fixed that would allow a command to be run without the
 1044:    user entering a password when sudo's -g flag is used without the -u flag.
 1045: 
 1046:  * If user has no supplementary groups, sudo will now fall back on checking
 1047:    the group file explicitly, which restores historic sudo behavior.
 1048: 
 1049:  * A crash has been fixed when sudo's -g flag is used without the -u flag
 1050:    and the sudoers file contains an entry with no runas user or group listed.
 1051: 
 1052:  * A crash has been fixed when the Solaris project support is enabled
 1053:    and sudo's -g flag is used without the -u flag.
 1054: 
 1055:  * Sudo no longer exits with an error when support for auditing is
 1056:    compiled in but auditing is not enabled.
 1057: 
 1058:  * Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
 1059:    being honored when the "targetpw" sudoers Defaults option was enabled.
 1060: 
 1061:  * The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
 1062: 
 1063:  * A crash has been fixed in "sudo -l" when sudo is built with auditing
 1064:    support and the user is not allowed to run any commands on the host.
 1065: 
 1066: What's new in Sudo 1.7.4p4?
 1067: 
 1068:  * A potential security issue has been fixed with respect to the handling
 1069:    of sudo's -g command line option when -u is also specified.  The flaw
 1070:    may allow an attacker to run commands as a user that is not authorized
 1071:    by the sudoers file.
 1072: 
 1073:  * A bug has been fixed where "sudo -l" output was incomplete if multiple
 1074:    sudoers sources were defined in nsswitch.conf and there was an error
 1075:    querying one of the sources.
 1076: 
 1077:  * The log_input, log_output, and use_pty sudoers options now work correctly
 1078:    on AIX.  Previously, sudo would hang if they were enabled.
 1079: 
 1080:  * The "make install" target now works correctly when sudo is built in a
 1081:    directory other than the source directory.
 1082: 
 1083:  * The "runas_default" sudoers setting now works properly in a per-command
 1084:    Defaults line.
 1085: 
 1086:  * Suspending and resuming the bash shell when PAM is in use now works
 1087:    correctly.  The SIGCONT signal was not propagated to the child process.
 1088: 
 1089: What's new in Sudo 1.7.4p3?
 1090: 
 1091:  * A bug has been fixed where duplicate HOME environment variables could be
 1092:    present when the env_reset setting was disabled and the always_set_home
 1093:    setting was enabled in sudoers.
 1094: 
 1095:  * The value of sysconfdir is now substituted into the path to the sudoers.d
 1096:    directory in the installed sudoers file.
 1097: 
 1098:  * Compilation problems on IRIX and other platforms have been fixed.
 1099: 
 1100:  * If multiple PAM "auth" actions are specified and the user enters ^C at
 1101:    the password prompt, sudo will no longer prompt for a password for any
 1102:    subsequent "auth" actions.  Previously it was necessary to enter ^C for
 1103:    each "auth" action.
 1104: 
 1105: What's new in Sudo 1.7.4p2?
 1106: 
 1107:  * A bug where sudo could spin in a busy loop waiting for the child process
 1108:    has been fixed.
 1109: 
 1110: What's new in Sudo 1.7.4p1?
 1111: 
 1112:  * A bug introduced in sudo 1.7.3 that prevented the -k and -K options from
 1113:    functioning when the tty_tickets sudoers option is enabled has been fixed.
 1114: 
 1115:  * Sudo no longer prints a warning when the -k or -K options are specified
 1116:    and the ticket file does not exist.
 1117: 
 1118:  * It is now easier to cross-compile sudo.
 1119: 
 1120: What's new in Sudo 1.7.4?
 1121: 
 1122:  * Sudoedit will now preserve the file extension in the name of the
 1123:    temporary file being edited.  The extension is used by some
 1124:    editors (such as emacs) to choose the editing mode.
 1125: 
 1126:  * Time stamp files have moved from /var/run/sudo to either /var/db/sudo,
 1127:    /var/lib/sudo or /var/adm/sudo.  The directories are checked for
 1128:    existence in that order.  This prevents users from receiving the
 1129:    sudo lecture every time the system reboots.  Time stamp files older
 1130:    than the boot time are ignored on systems where it is possible to
 1131:    determine this.
 1132: 
 1133:  * The tty_tickets sudoers option is now enabled by default.
 1134: 
 1135:  * Ancillary documentation (README files, LICENSE, etc) is now installed
 1136:    in a sudo documentation directory.
 1137: 
 1138:  * Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile"
 1139:    in ldap.conf.
 1140: 
 1141:  * Defaults settings that are tied to a user, host or command may
 1142:    now include the negation operator.  For example:
 1143: 	Defaults:!millert lecture
 1144:    will match any user but millert.
 1145: 
 1146:  * The default PATH environment variable, used when no PATH variable
 1147:     exists, now includes /usr/sbin and /sbin.
 1148: 
 1149:  * Sudo now uses polypkg (http://rc.quest.com/topics/polypkg/)
 1150:    for cross-platform packing.
 1151: 
 1152:  * On Linux, sudo will now restore the nproc resource limit before
 1153:    executing a command, unless the limit appears to have been modified
 1154:    by pam_limits.  This avoids a problem with bash scripts that open
 1155:    more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX)
 1156:    will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
 1157: 
 1158:  * The HOME and MAIL environment variables are now reset based on the
 1159:    target user's password database entry when the env_reset sudoers option
 1160:    is enabled (which is the case in the default configuration).  Users
 1161:    wishing to preserve the original values should use a sudoers entry like:
 1162: 	Defaults env_keep += HOME
 1163:    to preserve the old value of HOME and
 1164: 	Defaults env_keep += MAIL
 1165:    to preserve the old value of MAIL.
 1166: 
 1167:  * Fixed a problem in the restoration of the AIX authdb registry setting.
 1168: 
 1169:  * Sudo will now fork(2) and wait until the command has completed before
 1170:    calling pam_close_session().
 1171: 
 1172:  * The default syslog facility is now "authpriv" if the operating system
 1173:    supports it, else "auth".
 1174: 
 1175: What's new in Sudo 1.7.3?
 1176: 
 1177:  * Support for logging I/O for the command being run.
 1178:    For more information, see the documentation for the "log_input"
 1179:    and "log_output" Defaults options in the sudoers manual.  Also
 1180:    see the sudoreplay manual for how to replay I/O log sessions.
 1181: 
 1182:  * The use_pty sudoers option can be used to force a command to be
 1183:    run in a pseudo-pty, even when I/O logging is not enabled.
 1184: 
 1185:  * On some systems, sudo can now detect when a user has logged out
 1186:    and back in again when tty-based time stamps are in use.  Supported
 1187:    systems include Solaris systems with the devices file system,
 1188:    Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys
 1189:    only).
 1190: 
 1191:  * On AIX systems, the registry setting in /etc/security/user is
 1192:    now taken into account when looking up users and groups.  Sudo
 1193:    now applies the correct the user and group ids when running a
 1194:    command as a user whose account details come from a different
 1195:    source (e.g. LDAP or DCE vs.  local files).
 1196: 
 1197:  * Support for multiple 'sudoers_base' and 'uri' entries in ldap.conf.
 1198:    When multiple entries are listed, sudo will try each one in the
 1199:    order in which they are specified.
 1200: 
 1201:  * Sudo's SELinux support should now function correctly when running
 1202:    commands as a non-root user and when one of stdin, stdout or stderr
 1203:    is not a terminal.
 1204: 
 1205:  * Sudo will now use the Linux audit system with configure with
 1206:    the --with-linux-audit flag.
 1207: 
 1208:  * Sudo now uses mbr_check_membership() on systems that support it
 1209:    to determine group membership.  Currently, only Darwin (Mac OS X)
 1210:    supports this.
 1211: 
 1212:  * When the tty_tickets sudoers option is enabled but there is no
 1213:    terminal device, sudo will no longer use or create a tty-based
 1214:    ticket file.  Previously, sudo would use a tty name of "unknown".
 1215:    As a consequence, if a user has no terminal device, sudo will
 1216:    now always prompt for a password.
 1217: 
 1218:  * The passwd_timeout and timestamp_timeout options may now be
 1219:    specified as floating point numbers for more granular timeout
 1220:    values.
 1221: 
 1222:  * Negating the fqdn option in sudoers now works correctly when sudo
 1223:    is configured with the --with-fqdn option.  In previous versions
 1224:    of sudo the fqdn was set before sudoers was parsed.
 1225: 
 1226: What's new in Sudo 1.7.2?
 1227: 
 1228:  * A new #includedir directive is available in sudoers.  This can be
 1229:    used to implement an /etc/sudo.d directory.  Files in an includedir
 1230:    are not edited by visudo unless they contain a syntax error.
 1231: 
 1232:  * The -g option did not work properly when only setting the group
 1233:    (and not the user).  Also, in -l mode the wrong user was displayed
 1234:    for sudoers entries where only the group was allowed to be set.
 1235: 
 1236:  * Fixed a problem with the alias checking in visudo which
 1237:    could prevent visudo from exiting.
 1238: 
 1239:  * Sudo will now correctly parse the shell-style /etc/environment
 1240:    file format used by pam_env on Linux.
 1241: 
 1242:  * When doing password and group database lookups, sudo will only
 1243:    cache an entry by name or by id, depending on how the entry was
 1244:    looked up.  Previously, sudo would cache by both name and id
 1245:    from a single lookup, but this breaks sites that have multiple
 1246:    password or group database names that map to the same uid or
 1247:    gid.
 1248: 
 1249:  * User and group names in sudoers may now be enclosed in double
 1250:    quotes to avoid having to escape special characters.
 1251: 
 1252:  * BSM audit fixes when changing to a non-root uid.
 1253: 
 1254:  * Experimental non-Unix group support.  Currently only works with
 1255:    Quest Authorization Services and allows Active Directory groups
 1256:    fixes for Minix-3.
 1257: 
 1258:  * For Netscape/Mozilla-derived LDAP SDKs the certificate and key
 1259:    paths may be specified as a directory or a file.  However, version
 1260:    5.0 of the SDK only appears to support using a directory (despite
 1261:    documentation to the contrary).  If SSL client initialization
 1262:    fails and the certificate or key paths look like they could be
 1263:    default file name, strip off the last path element and try again.
 1264: 
 1265:  * A setenv() compatibility fix for Linux systems, where a NULL
 1266:    value is treated the same as an empty string and the variable
 1267:    name is checked against the NULL pointer.
 1268: 
 1269: What's new in Sudo 1.7.1?
 1270: 
 1271:  * A new Defaults option "pwfeedback" will cause sudo to provide visual
 1272:    feedback when the user is entering a password.
 1273: 
 1274:  * A new Defaults option "fast_glob" will cause sudo to use the fnmatch()
 1275:    function for file name globbing instead of glob().  When this option
 1276:    is enabled, sudo will not check the file system when expanding wildcards.
 1277:    This is faster but a side effect is that relative paths with wildcard
 1278:    will no longer work.
 1279: 
 1280:  * New BSM audit support for systems that support it such as FreeBSD
 1281:    and Mac OS X.
 1282: 
 1283:  * The file name specified with the #include directive may now include
 1284:    a %h escape which is expanded to the short form of hostname.
 1285: 
 1286:  * The -k flag may now be specified along with a command, causing the
 1287:    user's timestamp file to be ignored.
 1288: 
 1289:  * New support for Tivoli-based LDAP START_TLS, present in AIX.
 1290: 
 1291:  * New support for /etc/netsvc.conf on AIX.
 1292: 
 1293:  * The unused alias checks in visudo now handle the case of an alias
 1294:    referring to another alias.
 1295: 
 1296: What's new in Sudo 1.7.0?
 1297: 
 1298:  * Rewritten parser that converts sudoers into a set of data structures.
 1299:    This eliminates a number of ordering issues and makes it possible to
 1300:    apply sudoers Defaults entries before searching for the command.
 1301:    It also adds support for per-command Defaults specifications.
 1302: 
 1303:  * Sudoers now supports a #include facility to allow the inclusion of other
 1304:    sudoers-format files.
 1305: 
 1306:  * Sudo's -l (list) flag has been enhanced:
 1307:     o applicable Defaults options are now listed
 1308:     o a command argument can be specified for testing whether a user
 1309:       may run a specific command.
 1310:     o a new -U flag can be used in conjunction with "sudo -l" to allow
 1311:       root (or a user with "sudo ALL") list another user's privileges.
 1312: 
 1313:  * A new -g flag has been added to allow the user to specify a
 1314:    primary group to run the command as.  The sudoers syntax has been
 1315:    extended to include a group section in the Runas specification.
 1316: 
 1317:  * A uid may now be used anywhere a username is valid.
 1318: 
 1319:  * The "secure_path" run-time Defaults option has been restored.
 1320: 
 1321:  * Password and group data is now cached for fast lookups.
 1322: 
 1323:  * The file descriptor at which sudo starts closing all open files is now
 1324:    configurable via sudoers and, optionally, the command line.
 1325: 
 1326:  * Visudo will now warn about aliases that are defined but not used.
 1327: 
 1328:  * The -i and -s command line flags now take an optional command
 1329:    to be run via the shell.  Previously, the argument was passed
 1330:    to the shell as a script to run.
 1331: 
 1332:  * Improved LDAP support.  SASL authentication may now be used in
 1333:    conjunction when connecting to an LDAP server.  The krb5_ccname
 1334:    parameter in ldap.conf may be used to enable Kerberos.
 1335: 
 1336:  * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
 1337:    to specify the sudoers order.  E.g.:
 1338: 	sudoers: ldap files
 1339:    to check LDAP, then /etc/sudoers.  The default is "files", even
 1340:    when LDAP support is compiled in.  This differs from sudo 1.6
 1341:    where LDAP was always consulted first.
 1342: 
 1343:  * Support for /etc/environment on AIX and Linux.  If sudo is run
 1344:    with the -i flag, the contents of /etc/environment are used to
 1345:    populate the new environment that is passed to the command being
 1346:    run.
 1347: 
 1348:  * If no terminal is available or if the new -A flag is specified,
 1349:    sudo will use a helper program to read the password if one is
 1350:    configured.  Typically, this is a graphical password prompter
 1351:    such as ssh-askpass.
 1352: 
 1353:  * A new Defaults option, "mailfrom" that sets the value of the
 1354:    "From:" field in the warning/error mail.  If unspecified, the
 1355:    login name of the invoking user is used.
 1356: 
 1357:  * A new Defaults option, "env_file" that refers to a file containing
 1358:    environment variables to be set in the command being run.
 1359: 
 1360:  * A new flag, -n, may be used to indicate that sudo should not
 1361:    prompt the user for a password and, instead, exit with an error
 1362:    if authentication is required.
 1363: 
 1364:  * If sudo needs to prompt for a password and it is unable to disable
 1365:    echo (and no askpass program is defined), it will refuse to run
 1366:    unless the "visiblepw" Defaults option has been specified.
 1367: 
 1368:  * Prior to version 1.7.0, hitting enter/return at the Password: prompt
 1369:    would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
 1370:    an empty password.  To exit sudo, the user must press ^C or ^D
 1371:    at the prompt.
 1372: 
 1373:  * visudo will now check the sudoers file owner and mode in -c (check)
 1374:    mode when the -s (strict) flag is specified.
 1375: 
 1376:  * A new Defaults option "umask_override" will cause sudo to set the
 1377:    umask specified in sudoers even if it is more permissive than the
 1378:    invoking user's umask.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>