Sudo 1.8.22
This commit is contained in:
Todd C. Miller
88
NEWS
88
NEWS
@@ -1,3 +1,55 @@
|
||||
What's new in Sudo 1.8.22
|
||||
|
||||
* Commands run in the background from a script run via sudo will
|
||||
no longer receive SIGHUP when the parent exits and I/O logging
|
||||
is enabled. Bug #502
|
||||
|
||||
* A particularly offensive insult is now disabled by default.
|
||||
Bug #804
|
||||
|
||||
* The description of "sudo -i" now correctly documents that
|
||||
the "env_keep" and "env_check" sudoers options are applied to
|
||||
the environment. Bug #806
|
||||
|
||||
* Fixed a crash when the system's host name is not set.
|
||||
Bug #807
|
||||
|
||||
* The sudoers2ldif script now handle #include and #includedir
|
||||
directives.
|
||||
|
||||
* Fixed a bug where sudo would silently exit when the command was
|
||||
not allowed by sudoers and the "passwd_tries" sudoers option
|
||||
was set to a value less than 1.
|
||||
|
||||
* Fixed a bug with the "listpw" and "verifypw" sudoers options and
|
||||
multiple sudoers sources. If the option is set to "all", a
|
||||
password should be required unless none of a user's sudoers
|
||||
entries from any source require authentication.
|
||||
|
||||
* Fixed a bug with the "listpw" and "verifypw" sudoers options in
|
||||
the LDAP and SSSD back-ends. If the option is set to "any", and
|
||||
the entry contained multiple rules, only the first matching rule
|
||||
was checked. If an entry contained more than one matching rule
|
||||
and the first rule required authentication but a subsequent rule
|
||||
did not, sudo would prompt for a password when it should not have.
|
||||
|
||||
* When running a command as the invoking user (not root), sudo
|
||||
would execute the command with the same group vector it was
|
||||
started with. Sudo now executes the command with a new group
|
||||
vector based on the group database which is consistent with
|
||||
how su(1) operates.
|
||||
|
||||
* Fixed a double free in the SSSD back-end that could occur when
|
||||
ipa_hostname is present in sssd.conf and is set to an unqualified
|
||||
host name.
|
||||
|
||||
* When I/O logging is enabled, sudo will now write to the terminal
|
||||
even when it is a background process. Previously, sudo would
|
||||
only write to the tty when it was the foreground process when
|
||||
I/O logging was enabled. If the TOSTOP terminal flag is set,
|
||||
sudo will suspend the command (and then itself) with the SIGTTOU
|
||||
signal.
|
||||
|
||||
What's new in Sudo 1.8.21p2
|
||||
|
||||
* Fixed a bug introduced in version 1.8.21 which prevented sudo
|
||||
@@ -34,7 +86,7 @@ What's new in Sudo 1.8.21p1
|
||||
playback would hang for I/O logs that contain terminal input.
|
||||
|
||||
* Sudo 1.8.18 contained an incomplete fix for the matching of
|
||||
entries in the LDAP and SSSD backends when a sudoRunAsGroup is
|
||||
entries in the LDAP and SSSD back-ends when a sudoRunAsGroup is
|
||||
specified but no sudoRunAsUser is present in the sudoRole.
|
||||
|
||||
What's new in Sudo 1.8.21
|
||||
@@ -140,8 +192,8 @@ What's new in Sudo 1.8.20
|
||||
be terminated if the timeout expires.
|
||||
|
||||
* The SELinux role and type are now displayed in the "sudo -l"
|
||||
output for the LDAP and SSSD backends, just as they are in the
|
||||
sudoers backend.
|
||||
output for the LDAP and SSSD back-ends, just as they are in the
|
||||
sudoers back-end.
|
||||
|
||||
* A new command line option, -T, can be used to specify a command
|
||||
timeout as long as the user-specified timeout is not longer than
|
||||
@@ -149,7 +201,7 @@ What's new in Sudo 1.8.20
|
||||
used when the "user_command_timeouts" flag is enabled in sudoers.
|
||||
|
||||
* Added NOTBEFORE and NOTAFTER command options to the sudoers
|
||||
backend similar to what is already available in the LDAP backend.
|
||||
back-end similar to what is already available in the LDAP back-end.
|
||||
|
||||
* Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
|
||||
crypt instead of the SHA2 implementation bundled with sudo.
|
||||
@@ -175,7 +227,7 @@ What's new in Sudo 1.8.20
|
||||
to env_file but its contents are subject to the same restrictions
|
||||
as variables in the invoking user's environment.
|
||||
|
||||
* Fixed a use after free bug in the SSSD backend when the fqdn
|
||||
* Fixed a use after free bug in the SSSD back-end when the fqdn
|
||||
sudoOption is enabled and no hostname value is present in
|
||||
/etc/sssd/sssd.conf.
|
||||
|
||||
@@ -338,7 +390,7 @@ What's new in Sudo 1.8.18
|
||||
|
||||
* Fixed a bug where "sudo -l command" would indicate that a command
|
||||
was runnable even when denied by sudoers when using the LDAP or
|
||||
SSSD backends.
|
||||
SSSD back-ends.
|
||||
|
||||
* The match_group_by_gid Defaults option has been added to allow
|
||||
sites where group name resolution is slow and where sudoers only
|
||||
@@ -362,12 +414,12 @@ What's new in Sudo 1.8.18
|
||||
flag is enabled in sudoers. Bug #757
|
||||
|
||||
* Negated sudoHost attributes are now supported by the LDAP and
|
||||
SSSD backends.
|
||||
SSSD back-ends.
|
||||
|
||||
* Fixed matching entries in the LDAP and SSSD backends when a
|
||||
* Fixed matching entries in the LDAP and SSSD back-ends when a
|
||||
RunAsGroup is specified but no RunAsUser is present.
|
||||
|
||||
* Fixed "sudo -l" output in the LDAP and SSSD backends when a
|
||||
* Fixed "sudo -l" output in the LDAP and SSSD back-ends when a
|
||||
RunAsGroup is specified but no RunAsUser is present.
|
||||
|
||||
What's new in Sudo 1.8.17p1
|
||||
@@ -424,9 +476,9 @@ What's new in Sudo 1.8.17
|
||||
* Fixed a bug on AIX where the stack size hard resource limit was
|
||||
being set to 2GB instead of 4GB on 64-bit systems.
|
||||
|
||||
* The SSSD backend now properly supports "sudo -U otheruser -l".
|
||||
* The SSSD back-end now properly supports "sudo -U otheruser -l".
|
||||
|
||||
* The SSSD backend now uses the value of "ipa_hostname"
|
||||
* The SSSD back-end now uses the value of "ipa_hostname"
|
||||
from sssd.conf, if specified, when matching the host name.
|
||||
|
||||
* Fixed a hang on some systems when the command is being run in
|
||||
@@ -448,12 +500,12 @@ What's new in Sudo 1.8.16
|
||||
|
||||
* Fixed a bug that could cause warning mail to be sent in list
|
||||
mode (sudo -l) for users without sudo privileges when the
|
||||
LDAP and sssd backends are used.
|
||||
LDAP and sssd back-ends are used.
|
||||
|
||||
* Fixed a bug that prevented the "mail_no_user" option from working
|
||||
properly with the LDAP backend.
|
||||
properly with the LDAP back-end.
|
||||
|
||||
* In the LDAP and sssd backends, white space is now ignored between
|
||||
* In the LDAP and sssd back-ends, white space is now ignored between
|
||||
an operator (!, +, +=, -=) when parsing a sudoOption.
|
||||
|
||||
* It is now possible to disable Path settings in sudo.conf
|
||||
@@ -481,7 +533,7 @@ What's new in Sudo 1.8.16
|
||||
problem when a user or group of the same name exists in multiple
|
||||
auth registries. For example, local and LDAP.
|
||||
|
||||
* Fixed a crash in the SSSD backend when the invoking user is not
|
||||
* Fixed a crash in the SSSD back-end when the invoking user is not
|
||||
found. Bug #732.
|
||||
|
||||
* Added the --enable-asan configure flag to enable address sanitizer
|
||||
@@ -500,7 +552,7 @@ What's new in Sudo 1.8.16
|
||||
* Fixed support for negating character classes in sudo's version
|
||||
of the fnmatch() function.
|
||||
|
||||
* Fixed a bug in the LDAP and SSSD backends that could allow an
|
||||
* Fixed a bug in the LDAP and SSSD back-ends that could allow an
|
||||
unauthorized user to list another user's privileges. Bug #738.
|
||||
|
||||
* The PAM conversation function now works around an ambiguity in the
|
||||
@@ -613,7 +665,7 @@ What's new in Sudo 1.8.14p2
|
||||
What's new in Sudo 1.8.14p1
|
||||
|
||||
* Fixed a bug introduced in sudo 1.8.14 that prevented the sssd
|
||||
backend from working. Bug #703.
|
||||
back-end from working. Bug #703.
|
||||
|
||||
What's new in Sudo 1.8.14
|
||||
|
||||
@@ -1522,7 +1574,7 @@ What's new in Sudo 1.8.5?
|
||||
ldap_start_tls_s() function.
|
||||
|
||||
* The TLS_CHECKPEER parameter in ldap.conf now works when the
|
||||
Mozilla NSS crypto backend is used with OpenLDAP.
|
||||
Mozilla NSS crypto back-end is used with OpenLDAP.
|
||||
|
||||
* A new group provider plugin, system_group, is included which
|
||||
performs group look ups by name using the system groups database.
|
||||
|
||||
18
configure
vendored
18
configure
vendored
@@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for sudo 1.8.21p2.
|
||||
# Generated by GNU Autoconf 2.69 for sudo 1.8.22.
|
||||
#
|
||||
# Report bugs to <https://bugzilla.sudo.ws/>.
|
||||
#
|
||||
@@ -590,8 +590,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='sudo'
|
||||
PACKAGE_TARNAME='sudo'
|
||||
PACKAGE_VERSION='1.8.21p2'
|
||||
PACKAGE_STRING='sudo 1.8.21p2'
|
||||
PACKAGE_VERSION='1.8.22'
|
||||
PACKAGE_STRING='sudo 1.8.22'
|
||||
PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
|
||||
PACKAGE_URL=''
|
||||
|
||||
@@ -1539,7 +1539,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures sudo 1.8.21p2 to adapt to many kinds of systems.
|
||||
\`configure' configures sudo 1.8.22 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@@ -1604,7 +1604,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of sudo 1.8.21p2:";;
|
||||
short | recursive ) echo "Configuration of sudo 1.8.22:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@@ -1863,7 +1863,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
sudo configure 1.8.21p2
|
||||
sudo configure 1.8.22
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@@ -2572,7 +2572,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by sudo $as_me 1.8.21p2, which was
|
||||
It was created by sudo $as_me 1.8.22, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@@ -27021,7 +27021,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by sudo $as_me 1.8.21p2, which was
|
||||
This file was extended by sudo $as_me 1.8.22, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@@ -27087,7 +27087,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
sudo config.status 1.8.21p2
|
||||
sudo config.status 1.8.22
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ dnl
|
||||
dnl Copyright (c) 1994-1996,1998-2017 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
dnl
|
||||
AC_PREREQ([2.59])
|
||||
AC_INIT([sudo], [1.8.21p2], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_INIT([sudo], [1.8.22], [https://bugzilla.sudo.ws/], [sudo])
|
||||
AC_CONFIG_HEADER([config.h pathnames.h])
|
||||
AC_CONFIG_SRCDIR([src/sudo.c])
|
||||
dnl
|
||||
|
||||
Reference in New Issue
Block a user