1
What's new in Sudo 1.8.12
3
* The embedded copy of zlib has been upgraded to version 1.2.8 and
4
is now installed as a shared library where supported.
6
* Debug settings for the sudo front end and sudoers plugin are now
9
* Multiple sudo.conf Debug entries may now be specified per program
12
* The plugin API has been extended such that the path to the plugin
13
that was loaded is now included in the settings array. This
14
path can be used to register with the debugging subsystem. The
15
debug_flags setting is now prefixed with a file name and may be
16
specified multiple times if there is more than one matching Debug
19
* The sudoers regression tests now run with the locale set to C
20
since some of the tests compare output that includes locale-specific
23
* Fixed a bug where sudo would not run commands on Linux when
24
compiled with audit support if audit is disabled. Bug #671
26
* Added __BASH_FUNC<* to the environment blacklist to match
27
Apple's syntax for newer-style bash functions.
29
* The default password prompt now includes a trailing space after
30
"Password:" for consistency with su(1) on most systems.
33
* Fixed a problem on DragonFly BSD where SIGCHLD could be ignored,
34
preventing sudo from exiting. Bug #676
36
* Visudo will now use the optional sudoers_file, sudoers_mode,
37
sudoers_uid and sudoers_gid arguments if specified on the
38
sudoers.so Plugin line in the sudo.conf file.
40
* Fixed a problem introduced in sudo 1.8.8 that prevented the full
41
host name from being used when the "fqdn" sudoers option is used.
44
* French and Russian translations for sudoers from translationproject.org.
46
* Sudo now installs a handler for SIGCHLD signal handler immediately
47
before stating the process that will execute the command (or
48
start the monitor). The handler used to be installed earlier
49
but this causes problems with poorly behaved PAM modules that
50
install their own SIGCHLD signal handler and neglect to restore
51
sudo's original handler. Bug #657
53
* Removed a limit on the length of command line arguments expanded
54
by a wild card using sudo's version of the fnmatch() function.
55
This limit was introduced when sudo's version of fnmatch()
56
was replaced in sudo 1.8.4.
58
* LDAP-based sudoers can now query an LDAP server for a user's
59
netgroups directly. This is often much faster than fetching
60
every sudoRole object containing a sudoUser that begins with a
61
`+' prefix and checking whether the user is a member of any of
62
the returned netgroups.
64
* The mail_always sudoers option no longer sends mail for "sudo -l"
65
or "sudo -v" unless the user is unable to authenticate themselves.
67
* Fixed a crash when sudo is run with an empty argument vector.
69
* Fixed two potential crashes when sudo is run with very low
72
* The TZ environment variable is now checked for safety instead
73
of simply being copied to the environment of the command.
75
What's new in Sudo 1.8.11p2
77
* Fixed a bug where dynamic shared objects loaded from a plugin
78
could use the hooked version of getenv() but not the hooked
79
versions of putenv(), setenv() or unsetenv(). This can cause
80
problems for PAM modules that use those functions.
82
What's new in Sudo 1.8.11p1
84
* Fixed a compilation problem on some systems when the
85
--disable-shared-libutil configure option was specified.
87
* The user can no longer interrupt the sleep after an incorrect
88
password on PAM systems using pam_unix.
91
* Fixed a compilation problem on Linux systems that do not use PAM.
94
* "make install" will now work with the stock GNU autotools
95
install-sh script. Bug #669
97
* Fixed a crash with "sudo -i" when the current working directory
98
does not exist. Bug #670
100
* Fixed a potential crash in the debug subsystem when logging a message
101
larger that 1024 bytes.
103
* Fixed a "make check" failure for ttyname when stdin is closed and
104
stdout and stderr are redirected to a different tty. Bug #643
106
* Added BASH_FUNC_* to the environment blacklist to match newer-style
109
What's new in Sudo 1.8.11
111
* The sudoers plugin no longer uses setjmp/longjmp to recover
112
from fatal errors. All errors are now propagated to the caller
115
* When running a command in the background, sudo will now forward
116
SIGINFO to the command (if supported).
118
* Sudo will now use the system versions of the sha2 functions from
119
libc or libmd if available.
121
* Visudo now works correctly on GNU Hurd. Bug #647
123
* Fixed suspend and resume of curses programs on some system when
124
the command is not being run in a pseudo-terminal. Bug #649
126
* Fixed a crash with LDAP-based sudoers on some systems when
127
Kerberos was enabled.
129
* Sudo now includes optional Solaris audit support.
131
* Catalan translation for sudoers from translationproject.org.
133
* Norwegian Bokmaal translation for sudo from translationproject.org.
135
* Greek translation for sudoers from translationproject.org
137
* The sudo source tree has been reorganized to more closely resemble
138
that of other gettext-enabled packages.
140
* Sudo and its associated programs now link against a shared version
141
of libsudo_util. The --disable-shared-libutil configure option
142
may be used to force static linking if the --enable-static-sudoers
143
option is also specified.
145
* The passwords in ldap.conf and ldap.secret may now be encoded
148
* Audit updates. SELinux role changes are now audited. For
149
sudoedit, we now audit the actual editor being run, instead of
150
just the sudoedit command.
152
* Fixed bugs in the man page post-processing that could cause
153
portions of the manuals to be removed.
155
* Fixed a crash in the system_group plugin. Bug #653.
157
* Fixed sudoedit on platforms without a native version of the
158
getprogname() function. Bug #654.
160
* Fixed compilation problems with some pre-C99 compilers.
162
* Fixed sudo's -C option which was broken in version 1.8.9.
164
* It is now possible to match an environment variable's value as
165
well as its name using env_keep and env_check. This can be used
166
to preserve bash functions which would otherwise be removed from
169
* New files created via sudoedit as a non-root user now have the
170
proper group id. Bug #656
172
* Sudoedit now works correctly in conjunction with sudo's SELinux
173
RBAC support. Temporary files are now created with the proper
176
* The sudo I/O logging plugin API has been updated. If a logging
177
function returns an error, the command will be terminated and
178
all of the plugin's logging functions will be disabled. If a
179
logging function rejects the command's output it will no longer
180
be displayed to the user's terminal.
182
* Fixed a compilation error on systems that lack openpty(), _getpty()
183
and grantpt(). Bug #660
185
* Fixed a hang when a sudoers source is listed more than once in
186
a single sudoers nsswitch.conf entry.
188
* On AIX, shell scripts without a #! magic number are now passed to
189
/usr/bin/sh, not /usr/bin/bsh. This is consistent with what the
190
execvp() function on AIX does and matches historic sudo behavior.
193
* Fixed a cross-compilation problem building mksiglist and mksigname.
196
What's new in Sudo 1.8.10p3?
198
* Fixed expansion of %p in the prompt for "sudo -l" when rootpw,
199
runaspw or targetpw is set. Bug #639
201
* Fixed matching of UIDs and GIDs which was broken in version 1.8.9.
204
* PAM credential initialization has been re-enabled. It was
205
unintentionally disabled by default in version 1.8.8. The way
206
credentials are initialized has also been fixed. Bug #642.
208
* Fixed a descriptor leak on Linux when determining boot time. Sudo
209
normally closes extra descriptors before running a command so
210
the impact is limited. Bug #645
212
* Fixed flushing of the last buffer of data when I/O logging is
213
enabled. This bug, introduced in version 1.8.9, could cause
214
incomplete command output on some systems. Bug #646
216
What's new in Sudo 1.8.10p2?
218
* Fixed a hang introduced in sudo 1.8.10 when timestamp_timeout
221
What's new in Sudo 1.8.10p1?
223
* Fixed a bug introduced in sudo 1.8.10 that prevented the disabling
224
of tty-based tickets.
226
* Fixed a bug with negated commands in "sudo -l command" that
227
could cause the command to be listed even when it was explicitly
228
denied. This only affected list mode when a command was specified.
231
What's new in Sudo 1.8.10?
233
* It is now possible to disable network interface probing in
234
sudo.conf by changing the value of the probe_interfaces
237
* When listing a user's privileges (sudo -l), the sudoers plugin
238
will now prompt for the user's password even if the targetpw,
239
rootpw or runaspw options are set.
241
* The sudoers plugin uses a new format for its time stamp files.
242
Each user now has a single file which may contain multiple records
243
when per-tty time stamps are in use (the default). The time
244
stamps use a monotonic timer where available and are once again
245
located in a directory under /var/run. The lecture status is
246
now stored separately from the time stamps in a different directory.
249
* sudo's -K option will now remove all of the user's time stamps,
250
not just the time stamp for the current terminal. The -k option
251
can be used to only disable time stamps for the current terminal.
253
* If sudo was started in the background and needed to prompt for
254
a password, it was not possible to suspend it at the password
255
prompt. This now works properly.
257
* LDAP-based sudoers now uses a default search filter of
258
(objectClass=sudoRole) for more efficient queries. The netgroup
259
query has been modified to avoid falling below the minimum length
260
for OpenLDAP substring indices.
262
* The new "use_netgroups" sudoers option can be used to explicitly
263
enable or disable netgroups support. For LDAP-based sudoers,
264
netgroup support requires an expensive substring match on the
265
server. If netgroups are not needed, this option can be disabled
266
to reduce the load on the LDAP server.
268
* Sudo is once again able to open the sudoers file when the group
269
on sudoers doesn't match the expected value, so long as the file
270
is not group writable.
272
* Sudo now installs an init.d script to clear the time stamp
273
directory at boot time on AIX and HP-UX systems. These systems
274
either lack /var/run or do not clear it on boot.
276
* The JSON format used by "visudo -x" now properly supports the
277
negation operator. In addition, the Options object is now the
278
same for both Defaults and Cmnd_Specs.
280
* Czech and Serbian translations for sudoers from translationproject.org.
282
* Catalan translation for sudo from translationproject.org.
1
284
What's new in Sudo 1.8.9p5?
3
286
* Fixed a compilation error on AIX when LDAP support is enabled.