172) interfaces.c should work on ISC UN*X again.
-173) All source files are <= 14 characters for old SYSV filesystems.
+173) All source files are <= 14 characters for old SYSV file systems.
CHANGES from sudo 1.3.7 GAMMA
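Review bot: Entry 173 still says the "source files are <= 14 characters" after the rewording, but the old SYSV limit it refers to applies to file names, not file contents. Since the line is being touched anyway, suggest "All source file names are <= 14 characters for old SYSV file systems."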
environment.
433) Added env_check and env_delete Defaults options to allow the admin
- to modify the builtin list of environment variables to remove.
+ to modify the built-in list of environment variables to remove.
434) If timestamp_timeout < 0 then the timestamp never expires. This
allows users to manage their own timestamps and create or delete
Sudo 1.6.4p1 released.
-460) Some special characters were not being escaped properly (e..g '\,')
+460) Some special characters were not being escaped properly (e.g. '\,')
in command line arguments and would cause a syntax error instead.
461) "sudo -l" would not work if the always_set_home option was set.
477) Fixed a security hole in prompt rewriting found by Global InterSec.
Sudo 1.6.6 released.
+
+478) Wildcards now work correctly in the env_keep Defaults directive.
+
+479) Added support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+
+480) Removed double printing of bad environment variable table in -V mode.
+
+481) configure script has been regenerated with autoconf 2.5.7.
+ This required some changes to configure.in.
+
+482) Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky.
+
+483) SecurID 5.0 API support from Michael Stroucken.
+
+484) Restore state of signal handlers to what we had upon startup.
+ Fixes a problem when using sudo with nohup; thanks to Paul Markham.
+
+485) Revamp set_perms() to use setresuid() or setreuid() when available
+ in preference to POSIX stuff since they allow us to properly
+ implement "stay_setuid" whereas POSIX does not really.
+
+486) In strict mode sudo did not throw an error for undefined User_Aliases.
+
+487) Fixed a Makefile bug on IRIX.
+
+488) Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast typists.
+
+489) Added %U and %H escapes in the prompt and fixed treatment of %%.
+
+490) Visudo will now add a final newline to sudoers if the user's editor
+ not add one before EOF.
+
+491) The lexer state is now reset to its initial value on EOF.
+ Previously, the state was not reset between parser invocations
+ which could cause problems for visudo in rare cases.
+
+492) Added support for Defaults that apply based on the RunasUser.
+
+493) Sudo now includes copies of strlc{at,py} and uses them throughout.
+
+494) Sudo is now careful to avoid interger overflow when allocating
+ memory. This is one of those "should not happen" situations.
+
+495) Added a configure option (--with-stow) to make sudo compatible
+ with GNU stow.
+
+496) auth/kerb5.c now compiles under Heimdal.
+
+497) The volatile prefix is used in the hopes of preventing compilers
+ from optimizing away memory zeroing. Unfortunately, this results
+ in some warnings from gcc.
+
+498) Better Kerberos IV/V support in the configure script.
+
+499) Fixed a logic thinko in the SIGCHLD handler that caused problems
+ with rlogin on HP-UX.
+
+500) configure now adds -R to LDFLAGS when it adds -L for Solaris and
+ SVR4. There is a configure option, --with-rpath, to control this.
+
+501) On AIX, configure will pass extra directory paths to the linker
+ via the -blibpath ld option. This is only active when additional
+ library paths are used. It may be disabled via the
+ --without-blibpath configure option.
+
+502) The --with-skey and --with-opie configure options now take
+ an optional directory argument that should have an include and
+ lib dir for the skey/opie include file and library respectively.
+
+Sudo 1.6.7 released.
+
+503) Fixed false positives in the overflow detection of expand_prompt().
+
+Sudo 1.6.7p1 released.
+
+504) An unterminated comment broke Kerberos V authentication.
+
+505) The krb5-config script is used to determine Kerberos V CPPFLAGS
+ and LDFLAGS/LIBS if it exists.
+
+506) Backed out changes to mkinstalldirs from autoconf 2.57 that
+ caused problems on Tru64 Unix.
+
+Sudo 1.6.7p2 released.
+
+507) Kerberos V support should work on latest MIT Kerberos V and Heimdal.
+
+Sudo 1.6.7p3 released.
+
+508) Fixed remaining Kerberos V issues with MIT Kerberos V and old Heimdal.
+
+Sudo 1.6.7p4 released.
+
+509) Fixed a typo that caused a compilation error on Heimdal.
+
+510) Darwin (MacOS X) doesn't have a real setreuid() system call.
+
+511) Fixed a problem with large numbers of environment variables.
+
+Sudo 1.6.7p5 released.
+
+512) Fixed a problem on FreeBSD when the user is only listed in NIS (not
+ master.passwd) and netgroups are used in the master.passwd file.
+
+513) BSD-style warn/err functions are now used throughout.
+
+514) Fixed the --with-stow configure option
+
+515) Added a "sudo_lecture" option that points to a file containing a custom
+ lecture.
+
+516) The username in a log entry is no longer truncated at 8 characters.
+
+517) A new tag, NOEXEC, will prevent a dynamically-linked program being run
+ by sudo from executing another program (think shell escapes).
+ Because this uses LD_PRELOAD it has no effect on static binaries.
+ Idea from Reznic Valery.
+
+518) TIS fwtk authentication now supports fwtk 2.0 and higher.
+
+519) Sudo will now try to stat the command to be run as the user
+ specified by the -u flag if the stat fails as root. Fixes
+ an NFS issue.
+
+520) Added Stan Lee / Uncle Ben quote to the lecture (from RedHat).
+
+521) Added a -i option to simulate an initial login similar to "su -".
+ Originally based on a patch from David J. MacKenzie.
+
+522) Added a -e option to edit files the with uid of the invoking user.
+ This prevents the user from editing other files or running commands
+ as the target user. If sudo is run as "sudoedit" the -e flag is implied.
+
+523) If sudo is used to run as root shell, further sudo commands will
+ be logged as run by the user specified by the SUDO_USER environment
+ variable. In -e mode (sudoedit), SUDO_USER is used to determine
+ what user to run the editor when the real uid is 0.
+
+524) Merged in LDAP support from Aaron Spangler.
+
+525) Added the --with-pc-insults configure to replace politically
+ incorrect insults with ones from Alek O. Komarnitsky.
+
+526) Added start_tls support from Gudleik Rasch <gudleik@rastamatra.org>.
+
+527) A uid specified in sudoers now matches the user specified by the
+ -u flag even if the -u flag specified a name, not a uid.
+
+528) /tmp/.odus is no longer used for timestamps by default. One of
+ /var/run/sudo, /var/adm/sudo or /usr/adm/sudo is used depending
+ on what directories exist.
+
+529) Quoting globbing characters with a backslash now works as documented.
+
+530) A negated user/uid in a runas list was not treated the same as a
+ negated command (it did not override a previously allowed entry).
+ Now it does.
+
+531) Added support for Tandem NSK and other systems w/o seteuid().
+
+532) The timeout on password reading is now done via alarm(), not select().
+
+533) Fixed several issues when closing all open descriptors. Sudo now uses
+ closefrom() if it exists, using /proc/$$/fd if possible.
+
+534) Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+
+535) Added a check in visudo for runas_default being used before it
+ was set.
+
+536) If the target user == invoking user a password is no longer required.
+
+537) PAM support now uses Use pam_acct_mgmt() to check for disabled accounts
+ (from Brian Farrell).
+
+538) The sudoers file is now parsed as the runas user in all cases instead
+ of root. This fixes some issues with running NFS-mounted commands.
+
+539) Sudo now produces a sensible error message when the targetpw
+ Defaults option is set and a non-existent uid is specified via -u.
+
+Sudo 1.6.8 released.
+
+540) Now find the command base and fill in struct stat earlier.
+
+541) sudoedit now re-opens the temp file as the invoking user.
+
+542) struct timespec is used throughout the code base.
+
+543) Added --with-ldap-conf-file option to override /etc/ldap.conf
+
+544) Added SSL tls_* certificate checking options when using LDAP.
+
+545) Sudoedit will now only attempt to edit regular files or links.
+
+546) Sudo now uses futime() or futimes() where possible.
+
+547) Updated sample.pam to a current version.
+
+548) Better detection of unchanged files in sudoedit.
+
+Sudo 1.6.8p1 released.
+
+549) Bash exported functions are now stripped from the environment passed
+ to the program to be executed.
+
+Sudo 1.6.8p2 released.
+
+550) The CDPATH variable is now stripped from the environment passed
+ to the program to be executed.
+
+551) Fix temp file generation on systems where the _PATH_VARTMP macro
+ lacks a trailing slash.
+
+Sudo 1.6.8p3 released.
+
+552) The KRB5CCNAME environment variable is preserved during sudo
+ execution for password lookups that use GSSAPI.
+
+Sudo 1.6.8p4 released.
+
+553) Added a configure check for systems with a 2-argument version of
+ timespecsub (like BSD/OS).
+
+554) Added stub struct defintions to sudo.h to quiet compiler warnings
+ on some systems.
+
+555) In sudoers Defaults lines, tuples like "lecture" may now be used
+ without a value, restoring their old boolean-like nature.
+
+556) Invalid values for a tuple are now handled correctly.
+
+Sudo 1.6.8p5 released.
+
+557) Added a set of missing braces needed for MacOS X / Darwin.
+
+558) Define LDAP_OPT_SUCCESS for those without it.
+
+Sudo 1.6.8p6 released.
+
+559) Warn if the user tries to use the -u option when not running a command.
+
+560) Better PAM error handling and messages.
+
+561) Fixed setting of $USER when env_reset is enabled.
+
+Sudo 1.6.8p7 released.
+
+562) Fixed noexec functionality on Linux.
+
+563) Fixed minor format string mismatches in some error cases.
+
+564) Fixed a bug that prevented Heimdal authentication from working.
+
+Sudo 1.6.8p8 released.
+
+565) Updated config.guess and config.sub entries for OpenBSD.
+
+566) A sudoers entry with sudo ALL no longer overwrites the value of
+ safe_cmnd.
+
+Sudo 1.6.8p9 released.
+
+567) Added PS4 and SHELLOPTS to the list of variables to remove from
+ the environment.
+
+Sudo 1.6.8p10 released.
+
+567) Added JAVA_TOOL_OPTIONS to the list of variables to remove from
+ the environment.
+
+Sudo 1.6.8p11 released.
+
+567) Added PERLLIB, PERL5LIB and PERL5OPT to the list of variables to
+ remove from the environment.
+
+Sudo 1.6.8p12 released.
+
+568) Fixed a file descriptor leak when the lecture file option is enabled.
+
+569) Added to the list of variables to remove from the environment.
+
+570) Fixed a Kerberos V security issue that could allow a
+ user to authenticate using a fake KDC.
+
+571) Pulled in updated configure and libtool from sudo 1.7.
+
+572) PAM is now the default on systems where it is supported.
+
+573) Removed POSIX saved uid use; the stay_setuid option now
+ requires the setreuid() or setresuid() functions to work.
+
+574) Regenerated configure with up to date autoconf and libtool.
+
+575) Fixed fd leak when lecture file option is enabled.
+
+576) Removed used of POSIX saved uids. The stay_setuid
+ option now requires setreuid() or setresuid().
+
+577) PAM fixes. If the user enters ^C at the password prompt,
+ abort instead of trying to authenticate with an empty password
+ (which causes an annoying delay). Also Call pam_open_session()
+ and pam_close_session() to give pam_limits a chance to run.
+
+578) Security fix for Kerberos5. If we cannot get a valid service
+ key using the default keytab it is a fatal error. Now uses
+ krb5_verify_user() and krb5_init_secure_context() if they
+ are available.
+
+579) Fixed securid5 authentication.
+
+580) Added fcntl F_CLOSEM support to closefrom().
+
+581) Added NOEXEC support for AIX 5.3.
+
+582) Sudo now uses the supplemental group vector for matching.
+ This fixes problems with split group lines in /etc/group
+ as well as multiple group sources in nsswitch.conf.
+
+583) Added more environment variables to remove by default.
+
+584) Mail from sudo now includes an Auto-Submitted: auto-generated
+ header ala rfc 3834.
+
+585) Reworked the environment handling code.
+
+586) Remove the --with-execv option, it was not useful.
+
+587) Use TCSADRAIN instead of TCSAFLUSH in tgetpass() since
+ some OSes have issues with TCSAFLUSH.
+
+588) Use glob(3) instead of fnmatch(3) for matching pathnames
+ and stat() each result that matches the basename of the user's
+ command. This makes "cd /usr/bin ; sudo ./blah" work when
+ sudoers allows /usr/bin/blah.
+
+589) Reworked the syslog long line splitting code based on changes
+ from Eygene Ryabinkin.
+
+590) Sudo can now with deal more than 32 network interfaces on
+ Solaris.
+
+591) Visudo will now honor command line arguments in the EDITOR or
+ VISUAL environment variables if env_editor is enabled.
+
+592) LDAP now honors rootbinddn, timelimit and bind_timelimit in
+ /etc/ldap.conf.
+
+593) For LDAP, do a sub tree search instead of a base search (one
+ level in the tree only) for sudo right objects. This allows
+ system administrators to categorize the rights in a tree to
+ make them easier to manage.
+
+594) The env_reset option is now enabled by default. Commands run
+ through sudo now receive a minimal environment with certain
+ variables passed through and/or checked. The list of variables
+ allowed is configurable via the env_keep and env_check options
+ in sudoers.
+
+595) Added support for Solaris 10 resource control limits using
+ the "project" interface.
+
+596) Moved LDAP schema data into separate files.
+
+597) Sudo no longer assumes that gr_mem in struct group is non-NULL.
+
+598) Added support for setting environment variables on the command
+ line if the command has the SETENV attribute set in sudoers.
+
+599) Added a -E flag to preserve the environment if the SETENV attribute
+ has been set.
+
+600) The sudoers2ldif script now parses Runas users.
+
+601) The -- flag now behaves as documented.
+
+602) sudo -k/-K no longer cares if the timestamp is in the future.
+
+603) When searching for the command, sudo now uses the effective gid
+ of the runas user.
+
+604) Sudo no longer updates the timestamp if not validated by sudoers.
+
+605) Now rebuild environment regardless of how sudo was invoked.
+
+606) More accurate usage() when called as sudoedit.
+
+607) Command line environment variables are now treated like
+ normal environment variables unless the SETENV tag is set.
+
+608) Better explanation of environment handling in the sudo man page.
+
+Sudo 1.6.9 released.
+
+609) Worked around a bug ins some PAM implementations that caused a crash
+ when no tty was present.
+
+610) Fixed a crash on some platforms in the error logging function.
+
+611) Documentation improvements.
+
+Sudo 1.6.9p1 released.
+
+612) Fixed updating of the saved environment when the environ pointer
+ gets changed out from underneath us.
+
+Sudo 1.6.9p2 released.
+
+613) Fixed a bug related to supplemental group matching introduced
+ in 1.6.9.
+
+Sudo 1.6.9p3 released.
+
+614) Added IPv6 support from YOSHIFUJI Hideaki.
+
+615) Fixed sudo_noexec installation path.
+
+616) Fixed a K&R compilation error.
+
+Sudo 1.6.9p4 released.
+
+617) Fixed a bug in the IP address matching introduced by the IPV6 merge.
+
+618) For "visudo -f file" we now use the permissions of the original file
+ and not the hard-coded sudoers owner/group/mode. This makes
+ it possible to use visudo with a revision control system.
+
+619) Fixed sudoedit when used on a non-existent file.
+
+620) Regenerated configure using autoconf 2.6.1 and libtool 1.5.24.
+
+621) Groups and netgroups are now valid in an LDAP sudoRunas statement.
+
+Sudo 1.6.9p5 released.
+
+622) Worked around bugs in the session support of some PAM implementations.
+ The full tty path is now passed to PAM as well.
+
+623) Sudo now only prints the password prompt if the process is in the
+ foreground.
+
+624) inttypes.h is now included when appropriate if it is present.
+
+625) Simplified alias allocation in the parser.
+
+Sudo 1.6.9p6 released.
+
+626) Go back to using TCSAFLUSH instead of TCSADRAIN when turning
+ off echo in tgetpass().
+
+627) Fixed addition of -lutil for logincap on FreeBSD and NetBSD.
+
+628) Add configure check for struct in6_addr since some systems define
+ AF_INET6 but have no real IPv6 support.
+
+Sudo 1.6.9p7 released.
+
+629) Fixed a bug where a sudoers entry with no runas user specified
+ was treated differently from a line with the default runas
+ user specified.
+
+Sudo 1.6.9p8 released.
+
+630) The ALL command in sudoers now implies SETENV permissions.
+
+631) The command search is now performed using the target user's
+ auxiliary group vector too.
+
+632) When determining if the PAM prompt is the default "Password: ",
+ compare the localized version if possible.
+
+633) Added passprompt_override flag to sudoers to cause sudo's prompt
+ to be used in all cases. Also set when the -p flag is used.
+
+Sudo 1.6.9p9 released.
+
+634) Moved LDAP options into a table for simplified parsing/setting.
+
+635) Fixed a problem with how some LDAP options were being applied.
+
+636) Added support for connecting directly to LDAP servers via SSL
+ in addition to the existing start_tls support.
+
+Sudo 1.6.9p10 released.
+
+637) Fixed a compilation problem on SCO related to how they
+ store the high resolution timestamps in struct stat.
+
+638) Avoid checking the passwd file group multiple times
+ in the LDAP query when the user's passwd group is also
+ listed in the supplemental group vector.
+
+639) The URI specifier can now be used in ldap.conf even when
+ the LDAP SDK doesn't support ldap_initialize().
+
+640) New %p prompt escape that expands to the user whose password
+ is being prompted, as specified by the rootpw, targetpw and
+ runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.
+
+Sudo 1.6.9p11 released.
+
+641) Added a configure check for the ber_set_option() function.
+
+642) Fixed a compilation problem with the HP-UX K&R C compiler.
+
+643) Revamped the Kerberos 5 ticket verification code.
+
+644) Added support for the checkpeer ldap.conf variable for
+ netscape-based LDAP SDKs.
+
+645) Fixed a problem where an incomplete password could be echoed
+ to the screen if there was a read timeout.
+
+Sudo 1.6.9p12 released.
+
+646) Sudo will now set the nproc resource limit to unlimited on Linux
+ systems to work around Linux's setuid() resource limit semantics.
+ On PAM systems the resource limits will be reset by pam_limits.so
+ before the command is executed.
+
+647) SELinux support that can be used to implement role based access
+ control (RBAC). A role and (optional) type may be specified
+ in sudoers or on the command line. These are then used in the
+ security context that the command is run as.
+
+648) Fixed a Kerberos 5 compilation problem with MIT Kerberos.
+
+Sudo 1.6.9p13 released.
+
+649) Fixed an invalid assumption in the PAM conversation function
+ introduced in version 1.6.9p9. The conversation function may
+ be called for non-password reading purposes as well.
+
+650) Fixed freeing an uninitialized pointer in -l mode, introduced in
+ version 1.6.9p13.
+
+651) Check /etc/sudoers after LDAP even if the user was found in LDAP.
+ This allows Defaults options in /etc/sudoers to take effect.
+
+652) Add missing checks for enforcing mode in SELinux RBAC mode.
+
+Sudo 1.6.9p14 released.
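Review bot: Entry number 567 is used three times in the added block (under 1.6.8p10, 1.6.8p11 and 1.6.8p12), and entry 569 reads "Added to the list of variables to remove from the environment." without naming any variable, so the environment-scrubbing entries cannot be cited or audited by number as written. Suggest renumbering so each entry is unique and naming the variable(s) in 569. The run before "Sudo 1.6.9 released." also appears to list the same changes twice: 568 and 575 both describe the lecture-file descriptor leak, 573 and 576 both describe dropping POSIX saved uids for stay_setuid, and 570 and 578 both describe a Kerberos 5 security fix; if these are the same fixes, keep one entry each and prefer the wording of 578, which states the actual behaviour change (a missing service key in the default keytab is now fatal). The autoconf version is written "2.5.7" in 481 but "2.57" in 506; make them agree. Smaller wording slips to fix while here: "editor not add one" (490), "interger" (494), "files the with uid" (522), "uses Use pam_acct_mgmt()" (537), "defintions" (554), "Removed used of" (576), "can now with deal" (590), "a bug ins some" (609), and the missing full stop on 514.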