diff --git a/NEWS b/NEWS index 8735bd0a0..76c2fc96c 100644 --- a/NEWS +++ b/NEWS @@ -7,37 +7,36 @@ What's new in Sudo 1.9.10 characters instead of the terminal input until a newline or carriage return is found in the input or an output character is received. - * Fixed a bug in "cvtsudoers" when merging multiple sudoers files - with an associated host name when they contain conflicting - Defaults entries. + * Added new "log_passwords" and "passprompt_regex" settings to + sudo_logsrvd that operate like the sudoers options when logging + terminal input. - * In sudo_logsrvd, fixed parsing of "retry_interval" in the [relay] - section. Previously, attempting to set "retry_interval" would - result in a parse error. + * Fixed several few bugs in the cvtsudoers utility when merging + multiple sudoers sources. - * Added a new "noninteractive_auth" sudoers option to control - whether PAM authentication is attempted in non-interactive mode. - If "noninteractive_auth" is set, authentication methods that do - not require input from the user's terminal may proceed. This - option is off by default, which restores the pre-1.9.9 behavior - of "sudo -n". GitHub issue #131. + * Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf + file, where the "retry_interval" in the [relay] section was not + being recognized. - * Added a fallback method when determining the terminal name on - systems with /proc when /proc/self/stat or /proc/pid/psinfo is - missing or invalid. If the /proc file indicates no terminal is - present, there is no fallback. Bug #1020 + * Restored the pre-1.9.9 behavior of not performing authentication + when sudo's -n option is specified. A new "noninteractive_auth" + sudoers option has been added to enable PAM authentication in + non-interactive mode. GitHub issue #131. - * Fixed compilation on Debian kFreeBSD. Bug #1021. + * On systems with /proc, if the /proc/self/stat (Linux) or + /proc/pid/psinfo (other systems) file is missing or invalid, + sudo will now check file descriptors 0-2 to determine the user's + terminal. Bug #1020. + + * Fixed a compilation problem on Debian kFreeBSD. Bug #1021. * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is received. - * Sudo no longer returns an error if the SSSD back-end is unable - to contact to the SSSD sudo connector. This can happen when - nsswitch.conf lists "sss" as a sudoers source but SSSD is not - configured for sudo. Previously, a useless "problem with defaults - entries" message would be sent to root when the SSSD back-end - attempted to fetch the global defaults. Bug #1022. + * Fixed an issue that resulting in "problem with defaults entries" + email to be sent if a user ran sudo when the sudoers entry in + the nsswitch.conf file includes "sss" but no sudo provider is + configured in /etc/sssd/sssd.conf. Bug #1022. * Removed the text "This incident will be reported." from warnings when the invoking user is not listed in sudoers. This warning @@ -47,14 +46,12 @@ What's new in Sudo 1.9.10 * Fixed a bug where the user-specified command timeout was not being honored if the sudoers rule did not also specify a timeout. - * Added support for matching commands and arguments in sudoers - using POSIX extended regular expressions. Either the command, - the arguments, or both may be (separate) regular expressions. - Regular expressions for commands and arguments must start with - a '^' character and end with a '$'. This makes it possible for - the sudoers parser to tell what is, or is not, a regular expression. - It also means that partial matches are not possible unless the - pattern explicitly allows it. Bug #578, GitHub issue #15. + * Added support for using POSIX extended regular expressions in + sudoers rules. A command and/or arguments in sudoers are treated + as a regular expression if they start with a '^' character and + end with a '$'. The command and arguments are matched separately, + either one (or both) may be a regular expression. + Bug #578, GitHub issue #15. What's new in Sudo 1.9.9