Reword some of the NEWS items for 1.9.10.
This commit is contained in:
Todd C. Miller
59
NEWS
59
NEWS
@@ -7,37 +7,36 @@ What's new in Sudo 1.9.10
|
|||||||
characters instead of the terminal input until a newline or carriage
|
characters instead of the terminal input until a newline or carriage
|
||||||
return is found in the input or an output character is received.
|
return is found in the input or an output character is received.
|
||||||
|
|
||||||
* Fixed a bug in "cvtsudoers" when merging multiple sudoers files
|
* Added new "log_passwords" and "passprompt_regex" settings to
|
||||||
with an associated host name when they contain conflicting
|
sudo_logsrvd that operate like the sudoers options when logging
|
||||||
Defaults entries.
|
terminal input.
|
||||||
|
|
||||||
* In sudo_logsrvd, fixed parsing of "retry_interval" in the [relay]
|
* Fixed several few bugs in the cvtsudoers utility when merging
|
||||||
section. Previously, attempting to set "retry_interval" would
|
multiple sudoers sources.
|
||||||
result in a parse error.
|
|
||||||
|
|
||||||
* Added a new "noninteractive_auth" sudoers option to control
|
* Fixed a bug in sudo_logsrvd when parsing the sudo_logsrvd.conf
|
||||||
whether PAM authentication is attempted in non-interactive mode.
|
file, where the "retry_interval" in the [relay] section was not
|
||||||
If "noninteractive_auth" is set, authentication methods that do
|
being recognized.
|
||||||
not require input from the user's terminal may proceed. This
|
|
||||||
option is off by default, which restores the pre-1.9.9 behavior
|
|
||||||
of "sudo -n". GitHub issue #131.
|
|
||||||
|
|
||||||
* Added a fallback method when determining the terminal name on
|
* Restored the pre-1.9.9 behavior of not performing authentication
|
||||||
systems with /proc when /proc/self/stat or /proc/pid/psinfo is
|
when sudo's -n option is specified. A new "noninteractive_auth"
|
||||||
missing or invalid. If the /proc file indicates no terminal is
|
sudoers option has been added to enable PAM authentication in
|
||||||
present, there is no fallback. Bug #1020
|
non-interactive mode. GitHub issue #131.
|
||||||
|
|
||||||
* Fixed compilation on Debian kFreeBSD. Bug #1021.
|
* On systems with /proc, if the /proc/self/stat (Linux) or
|
||||||
|
/proc/pid/psinfo (other systems) file is missing or invalid,
|
||||||
|
sudo will now check file descriptors 0-2 to determine the user's
|
||||||
|
terminal. Bug #1020.
|
||||||
|
|
||||||
|
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
|
||||||
|
|
||||||
* Fixed a crash in sudo_logsrvd when running in relay mode if
|
* Fixed a crash in sudo_logsrvd when running in relay mode if
|
||||||
an alert message is received.
|
an alert message is received.
|
||||||
|
|
||||||
* Sudo no longer returns an error if the SSSD back-end is unable
|
* Fixed an issue that resulting in "problem with defaults entries"
|
||||||
to contact to the SSSD sudo connector. This can happen when
|
email to be sent if a user ran sudo when the sudoers entry in
|
||||||
nsswitch.conf lists "sss" as a sudoers source but SSSD is not
|
the nsswitch.conf file includes "sss" but no sudo provider is
|
||||||
configured for sudo. Previously, a useless "problem with defaults
|
configured in /etc/sssd/sssd.conf. Bug #1022.
|
||||||
entries" message would be sent to root when the SSSD back-end
|
|
||||||
attempted to fetch the global defaults. Bug #1022.
|
|
||||||
|
|
||||||
* Removed the text "This incident will be reported." from warnings
|
* Removed the text "This incident will be reported." from warnings
|
||||||
when the invoking user is not listed in sudoers. This warning
|
when the invoking user is not listed in sudoers. This warning
|
||||||
@@ -47,14 +46,12 @@ What's new in Sudo 1.9.10
|
|||||||
* Fixed a bug where the user-specified command timeout was not
|
* Fixed a bug where the user-specified command timeout was not
|
||||||
being honored if the sudoers rule did not also specify a timeout.
|
being honored if the sudoers rule did not also specify a timeout.
|
||||||
|
|
||||||
* Added support for matching commands and arguments in sudoers
|
* Added support for using POSIX extended regular expressions in
|
||||||
using POSIX extended regular expressions. Either the command,
|
sudoers rules. A command and/or arguments in sudoers are treated
|
||||||
the arguments, or both may be (separate) regular expressions.
|
as a regular expression if they start with a '^' character and
|
||||||
Regular expressions for commands and arguments must start with
|
end with a '$'. The command and arguments are matched separately,
|
||||||
a '^' character and end with a '$'. This makes it possible for
|
either one (or both) may be a regular expression.
|
||||||
the sudoers parser to tell what is, or is not, a regular expression.
|
Bug #578, GitHub issue #15.
|
||||||
It also means that partial matches are not possible unless the
|
|
||||||
pattern explicitly allows it. Bug #578, GitHub issue #15.
|
|
||||||
|
|
||||||
What's new in Sudo 1.9.9
|
What's new in Sudo 1.9.9
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user