-What's new in Sudo 1.7.6p1
+What's new in Sudo 1.8.2?
+
+ * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural
+ language support (NLS). This can be disabled by passing configure
+ the --disable-nls option. Sudo will use gettext(), if available,
+ to display translated messages. All translations are coordinated
+ via The Translation Project, http://translationproject.org/.
+
+ * Plug-ins are now loaded with the RTLD_GLOBAL flag instead of
+ RTLD_LOCAL. This fixes missing symbol problems in PAM modules
+ on certain platforms, such as FreeBSD and SuSE Linux Enterprise.
+
+ * I/O logging is now supported for commands run in background mode
+ (using sudo's -b flag).
+
+ * Group ownership of the sudoers file is now only enforced when
+ the file mode on sudoers allows group readability or writability.
+
+ * Visudo now checks the contents of an alias and warns about cycles
+ when the alias is expanded.
+
+ * If the user specifes a group via sudo's -g option that matches
+ the target user's group in the password database, it is now
+ allowed even if no groups are present in the Runas_Spec.
+
+ * The sudo Makefiles now have more complete dependencies which are
+ automatically generated instead of being maintained manually.
+
+ * The "use_pty" sudoers option is now correctly passed back to the
+ sudo front end. This was missing in previous versions of sudo
+ 1.8 which prevented "use_pty" from being honored.
+
+ * "sudo -i command" now works correctly with the bash version
+ 2.0 and higher. Previously, the .bash_profile would not be
+ sourced prior to running the command unless bash was built with
+ NON_INTERACTIVE_LOGIN_SHELLS defined.
+
+ * When matching groups in the sudoers file, sudo will now match
+ based on the name of the group instead of the group ID. This can
+ substantially reduce the number of group lookups for sudoers
+ files that contain a large number of groups.
+
+ * Multi-factor authentication is now supported on AIX.
+
+ * Added support for non-RFC 4517 compliant LDAP servers that require
+ that seconds be present in a timestamp, such as Tivoli Directory Server.
+
+ * If the group vector is to be preserved, the PATH search for the
+ command is now done with the user's original group vector.
+
+ * For LDAP-based sudoers, the "runas_default" sudoOption now works
+ properly in a sudoRole that contains a sudoCommand.
+
+ * Spaces in command line arguments for "sudo -s" and "sudo -i" are
+ now escaped with a backslash when checking the security policy.
+
+What's new in Sudo 1.8.1p2?
+
+ * Two-character CIDR-style IPv4 netmasks are now matched correctly
+ in the sudoers file.
+
+ * A build error with MIT Kerberos V has been resolved.
+
+ * A crash on HP-UX in the sudoers plugin when wildcards are
+ present in the sudoers file has been resolved.
+
+ * Sudo now works correctly on Tru64 Unix again.
+
+What's new in Sudo 1.8.1p1?
+
+ * Fixed a problem on AIX where sudo was unable to set the final
+ uid if the PAM module modified the effective uid.
* A non-existent includedir is now treated the same as an empty
directory and not reported as an error.
* Removed extraneous parens in LDAP filter when sudoers_search_filter
is enabled that can cause an LDAP search error.
-What's new in Sudo 1.7.6?
+ * Fixed a "make -j" problem for "make install".
+
+What's new in Sudo 1.8.1?
* A new LDAP setting, sudoers_search_filter, has been added to
ldap.conf. This setting can be used to restrict the set of
* A bug that could result in corrupted output in "sudo -l" has been
fixed.
+ * Sudo will now create an entry in the utmp (or utmpx) file when
+ allocating a pseudo-tty (e.g. when logging I/O). The "set_utmp"
+ and "utmp_runas" sudoers file options can be used to control this.
+ Other policy plugins may use the "set_utmp" and "utmp_user"
+ entries in the command_info list.
+
+ * The sudoers policy now stores the TSID field in the logs
+ even when the "iolog_file" sudoers option is defined to a value
+ other than %{sessid}. Previously, the TSID field was only
+ included in the log file when the "iolog_file" option was set
+ to its default value.
+
+ * The sudoreplay utility now supports arbitrary session IDs.
+ Previously, it would only work with the base-36 session IDs
+ that the sudoers plugin uses by default.
+
+ * Sudo now passes "run_shell=true" to the policy plugin in the
+ settings list when sudo's -s command line option is specified.
+ The sudoers policy plugin uses this to implement the "set_home"
+ sudoers option which was missing from sudo 1.8.0.
+
+ * The "noexec" functionality has been moved out of the sudoers
+ policy plugin and into the sudo front-end, which matches the
+ behavior documented in the plugin writer's guide. As a result,
+ the path to the noexec file is now specified in the sudo.conf
+ file instead of the sudoers file.
+
+ * On Solaris 10, the PRIV_PROC_EXEC privilege is now used to
+ implement the "noexec" feature. Previously, this was implemented
+ via the LD_PRELOAD environment variable.
+
+ * The exit values for "sudo -l", "sudo -v" and "sudo -l command"
+ have been fixed in the sudoers policy plugin.
+
+ * The sudoers policy plugin now passes the login class, if any,
+ back to the sudo front-end.
+
+ * The sudoers policy plugin was not being linked with requisite
+ libraries in certain configurations.
+
+ * Sudo now parses command line arguments before loading any plugins.
+ This allows "sudo -V" or "sudo -h" to work even if there is a problem
+ with sudo.conf
+
+ * Plugins are now linked with the static version of libgcc to allow
+ the plugin to run on a system where no shared libgcc is installed,
+ or where it is installed in a different location.
+
+What's new in Sudo 1.8.0?
+
+ * Sudo has been refactored to use a modular framework that can
+ support third-party policy and I/O logging plugins. The default
+ plugin is "sudoers" which provides the traditional sudo functionality.
+ See the sudo_plugin manual for details on the plugin API and the
+ sample in the plugins directory for a simple example.
+
What's new in Sudo 1.7.5?
* When using visudo in check mode, a file named "-" may be used to