172) interfaces.c should work on ISC UN*X again.
-173) All source files are <= 14 characters for old SYSV filesystems.
+173) All source files are <= 14 characters for old SYSV file systems.
CHANGES from sudo 1.3.7 GAMMA
environment.
433) Added env_check and env_delete Defaults options to allow the admin
- to modify the builtin list of environment variables to remove.
+ to modify the built-in list of environment variables to remove.
434) If timestamp_timeout < 0 then the timestamp never expires. This
allows users to manage their own timestamps and create or delete
Sudo 1.6.4p1 released.
-460) Some special characters were not being escaped properly (e..g '\,')
+460) Some special characters were not being escaped properly (e.g. '\,')
in command line arguments and would cause a syntax error instead.
461) "sudo -l" would not work if the always_set_home option was set.
477) Fixed a security hole in prompt rewriting found by Global InterSec.
Sudo 1.6.6 released.
+
+478) Wildcards now work correctly in the env_keep Defaults directive.
+
+479) Added support for non-root timestamp dirs. This allows the timestamp
+ dir to be shared via NFS (though this is not recommended).
+
+480) Removed double printing of bad environment variable table in -V mode.
+
+481) configure script has been regenerated with autoconf 2.5.7.
+ This required some changes to configure.in.
+
+482) Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky.
+
+483) SecurID 5.0 API support from Michael Stroucken.
+
+484) Restore state of signal handlers to what we had upon startup.
+ Fixes a problem when using sudo with nohup; thanks to Paul Markham.
+
+485) Revamp set_perms() to use setresuid() or setreuid() when available
+ in preference to POSIX stuff since they allow us to properly
+ implement "stay_setuid" whereas POSIX does not really.
+
+486) In strict mode sudo did not throw an error for undefined User_Aliases.
+
+487) Fixed a Makefile bug on IRIX.
+
+488) Write the prompt *after* turning off echo to avoid some password
+ characters being echoed on heavily-loaded machines with fast typists.
+
+489) Added %U and %H escapes in the prompt and fixed treatment of %%.
+
+490) Visudo will now add a final newline to sudoers if the user's editor
+ not add one before EOF.
+
+491) The lexer state is now reset to its initial value on EOF.
+ Previously, the state was not reset between parser invocations
+ which could cause problems for visudo in rare cases.
+
+492) Added support for Defaults that apply based on the RunasUser.
+
+493) Sudo now includes copies of strlc{at,py} and uses them throughout.
+
+494) Sudo is now careful to avoid interger overflow when allocating
+ memory. This is one of those "should not happen" situations.
+
+495) Added a configure option (--with-stow) to make sudo compatible
+ with GNU stow.
+
+496) auth/kerb5.c now compiles under Heimdal.
+
+497) The volatile prefix is used in the hopes of preventing compilers
+ from optimizing away memory zeroing. Unfortunately, this results
+ in some warnings from gcc.
+
+498) Better Kerberos IV/V support in the configure script.
+
+499) Fixed a logic thinko in the SIGCHLD handler that caused problems
+ with rlogin on HP-UX.
+
+500) configure now adds -R to LDFLAGS when it adds -L for Solaris and
+ SVR4. There is a configure option, --with-rpath, to control this.
+
+501) On AIX, configure will pass extra directory paths to the linker
+ via the -blibpath ld option. This is only active when additional
+ library paths are used. It may be disabled via the
+ --without-blibpath configure option.
+
+502) The --with-skey and --with-opie configure options now take
+ an optional directory argument that should have an include and
+ lib dir for the skey/opie include file and library respectively.
+
+Sudo 1.6.7 released.
+
+503) Fixed false positives in the overflow detection of expand_prompt().
+
+Sudo 1.6.7p1 released.
+
+504) An unterminated comment broke Kerberos V authentication.
+
+505) The krb5-config script is used to determine Kerberos V CPPFLAGS
+ and LDFLAGS/LIBS if it exists.
+
+506) Backed out changes to mkinstalldirs from autoconf 2.57 that
+ caused problems on Tru64 Unix.
+
+Sudo 1.6.7p2 released.
+
+507) Kerberos V support should work on latest MIT Kerberos V and Heimdal.
+
+Sudo 1.6.7p3 released.
+
+508) Fixed remaining Kerberos V issues with MIT Kerberos V and old Heimdal.
+
+Sudo 1.6.7p4 released.
+
+509) Fixed a typo that caused a compilation error on Heimdal.
+
+510) Darwin (MacOS X) doesn't have a real setreuid() system call.
+
+511) Fixed a problem with large numbers of environment variables.
+
+Sudo 1.6.7p5 released.
+
+512) Fixed a problem on FreeBSD when the user is only listed in NIS (not
+ master.passwd) and netgroups are used in the master.passwd file.
+
+513) BSD-style warn/err functions are now used throughout.
+
+514) Fixed the --with-stow configure option
+
+515) Added a "sudo_lecture" option that points to a file containing a custom
+ lecture.
+
+516) The username in a log entry is no longer truncated at 8 characters.
+
+517) A new tag, NOEXEC, will prevent a dynamically-linked program being run
+ by sudo from executing another program (think shell escapes).
+ Because this uses LD_PRELOAD it has no effect on static binaries.
+ Idea from Reznic Valery.
+
+518) TIS fwtk authentication now supports fwtk 2.0 and higher.
+
+519) Sudo will now try to stat the command to be run as the user
+ specified by the -u flag if the stat fails as root. Fixes
+ an NFS issue.
+
+520) Added Stan Lee / Uncle Ben quote to the lecture (from RedHat).
+
+521) Added a -i option to simulate an initial login similar to "su -".
+ Originally based on a patch from David J. MacKenzie.
+
+522) Added a -e option to edit files the with uid of the invoking user.
+ This prevents the user from editing other files or running commands
+ as the target user. If sudo is run as "sudoedit" the -e flag is implied.
+
+523) If sudo is used to run as root shell, further sudo commands will
+ be logged as run by the user specified by the SUDO_USER environment
+ variable. In -e mode (sudoedit), SUDO_USER is used to determine
+ what user to run the editor when the real uid is 0.
+
+524) Merged in LDAP support from Aaron Spangler.
+
+525) Added the --with-pc-insults configure to replace politically
+ incorrect insults with ones from Alek O. Komarnitsky.
+
+526) Added start_tls support from Gudleik Rasch <gudleik@rastamatra.org>.
+
+527) A uid specified in sudoers now matches the user specified by the
+ -u flag even if the -u flag specified a name, not a uid.
+
+528) /tmp/.odus is no longer used for timestamps by default. One of
+ /var/run/sudo, /var/adm/sudo or /usr/adm/sudo is used depending
+ on what directories exist.
+
+529) Quoting globbing characters with a backslash now works as documented.
+
+530) A negated user/uid in a runas list was not treated the same as a
+ negated command (it did not override a previously allowed entry).
+ Now it does.
+
+531) Added support for Tandem NSK and other systems w/o seteuid().
+
+532) The timeout on password reading is now done via alarm(), not select().
+
+533) Fixed several issues when closing all open descriptors. Sudo now uses
+ closefrom() if it exists, using /proc/$$/fd if possible.
+
+534) Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+
+535) Added a check in visudo for runas_default being used before it
+ was set.
+
+536) If the target user == invoking user a password is no longer required.
+
+537) PAM support now uses Use pam_acct_mgmt() to check for disabled accounts
+ (from Brian Farrell).
+
+538) The sudoers file is now parsed as the runas user in all cases instead
+ of root. This fixes some issues with running NFS-mounted commands.
+
+539) Sudo now produces a sensible error message when the targetpw
+ Defaults option is set and a non-existent uid is specified via -u.
+
+Sudo 1.6.8 released.
+
+540) Now find the command base and fill in struct stat earlier.
+
+541) sudoedit now re-opens the temp file as the invoking user.
+
+542) struct timespec is used throughout the code base.
+
+543) Added --with-ldap-conf-file option to override /etc/ldap.conf
+
+544) Added SSL tls_* certificate checking options when using LDAP.
+
+545) Sudoedit will now only attempt to edit regular files or links.
+
+546) Sudo now uses futime() or futimes() where possible.
+
+547) Updated sample.pam to a current version.
+
+548) Better detection of unchanged files in sudoedit.
+
+Sudo 1.6.8p1 released.
+
+549) Bash exported functions are now stripped from the environment passed
+ to the program to be executed.
+
+Sudo 1.6.8p2 released.
+
+550) The CDPATH variable is now stripped from the environment passed
+ to the program to be executed.
+
+551) Fix temp file generation on systems where the _PATH_VARTMP macro
+ lacks a trailing slash.
+
+Sudo 1.6.8p3 released.
+
+552) The KRB5CCNAME environment variable is preserved during sudo
+ execution for password lookups that use GSSAPI.
+
+Sudo 1.6.8p4 released.
+
+553) Added a configure check for systems with a 2-argument version of
+ timespecsub (like BSD/OS).
+
+554) Added stub struct defintions to sudo.h to quiet compiler warnings
+ on some systems.
+
+555) In sudoers Defaults lines, tuples like "lecture" may now be used
+ without a value, restoring their old boolean-like nature.
+
+556) Invalid values for a tuple are now handled correctly.
+
+Sudo 1.6.8p5 released.
projects / debian / sudo / blobdiff