1
What's new in Sudo 1.8.6p3?
3
* Fixed post-processing of the man pages on systems with legacy
6
* Fixed "sudoreplay -l" on Linux systems with file systems that
7
set DT_UNKNOWN in the d_type field of struct dirent.
9
What's new in Sudo 1.8.6p2?
11
* Fixed suspending a command after it has already been resumed
12
once when I/O logging (or use_pty) is not enabled.
13
This was a regression introduced in version 1.8.6.
15
What's new in Sudo 1.8.6p1?
17
* Fixed the setting of LOGNAME, USER and USERNAME variables in the
18
command's environment when env_reset is enabled (the default).
19
This was a regression introduced in version 1.8.6.
21
* Sudo now honors SUCCESS=return in /etc/nsswitch.conf.
23
What's new in Sudo 1.8.6?
25
* Sudo is now built with the -fstack-protector flag if the the
26
compiler supports it. Also, the -zrelro linker flag is used if
27
supported. The --disable-hardening configure option can be used
28
to build sudo without stack smashing protection.
30
* Sudo is now built as a Position Independent Executable (PIE)
31
if supported by the compiler and linker.
33
* If the user is a member of the "exempt" group in sudoers, they
34
will no longer be prompted for a password even if the -k flag
35
is specified with the command. This makes "sudo -k command"
36
consistent with the behavior one would get if the user ran "sudo
37
-k" immediately before running the command.
39
* The sudoers file may now be a symbolic link. Previously, sudo
40
would refuse to read sudoers unless it was a regular file.
42
* The sudoreplay command can now properly replay sessions where
45
* The sudoers plugin now takes advantage of symbol visibility
46
controls when supported by the compiler or linker. As a result,
47
only a small number of symbols are exported which significantly
48
reduces the chances of a conflict with other shared objects.
50
* Improved support for the Tivoli Directory Server LDAP client
51
libraries. This includes support for using LDAP over SSL (ldaps)
52
as well as support for the BIND_TIMELIMIT, TLS_KEY and TLS_CIPHERS
53
ldap.conf options. A new ldap.conf option, TLS_KEYPW can be
54
used to specify a password to decrypt the key database.
56
* When constructing a time filter for use with LDAP sudoNotBefore
57
and sudoNotAfter attributes, the current time now includes tenths
58
of a second. This fixes a problem with timed entries on Active
61
* If a user fails to authenticate and the command would be rejected
62
by sudoers, it is now logged with "command not allowed" instead
63
of "N incorrect password attempts". Likewise, the "mail_no_perms"
64
sudoers option now takes precedence over "mail_badpass".
66
* The sudo manuals are now formatted using the mdoc macros. Versions
67
using the legacy man macros are provided for systems that lack mdoc.
69
* New support for Solaris privilege sets. This makes it possible
70
to specify fine-grained privileges in the sudoers file on Solaris
71
10 and above. A Runas_Spec that contains no Runas_Lists can be
72
used to give a user the ability to run a command as themselves
73
but with an expanded privilege set.
75
* Fixed a problem with the reboot and shutdown commands on some
76
systems (such as HP-UX and BSD). On these systems, reboot sends
77
all processes (except itself) SIGTERM. When sudo received
78
SIGTERM, it would relay it to the reboot process, thus killing
79
reboot before it had a chance to actually reboot the system.
81
* Support for using the System Security Services Daemon (SSSD) as
82
a source of sudoers data.
84
* Slovenian translation for sudo and sudoers from translationproject.org.
86
* Visudo will now warn about unknown Defaults entries that are
87
per-host, per-user, per-runas or per-command.
89
* Fixed a race condition that could cause sudo to receive SIGTTOU
90
(and stop) when resuming a shell that was run via sudo when I/O
91
logging (and use_pty) is not enabled.
93
* Sending SIGTSTP directly to the sudo process will now suspend the
94
running command when I/O logging (and use_pty) is not enabled.
96
What's new in Sudo 1.8.5p3?
98
* Fixed the loading of I/O plugins that conform to a plugin API
99
version older than 1.2.
1
101
What's new in Sudo 1.8.5p2?
3
103
* Fixed use of the SUDO_ASKPASS environment variable which was