556) Invalid values for a tuple are now handled correctly.
Sudo 1.6.8p5 released.
+
+557) Added a set of missing braces needed for MacOS X / Darwin.
+
+558) Define LDAP_OPT_SUCCESS for those without it.
+
+Sudo 1.6.8p6 released.
+
+559) Warn if the user tries to use the -u option when not running a command.
+
+560) Better PAM error handling and messages.
+
+561) Fixed setting of $USER when env_reset is enabled.
+
+Sudo 1.6.8p7 released.
+
+562) Fixed noexec functionality on Linux.
+
+563) Fixed minor format string mismatches in some error cases.
+
+564) Fixed a bug that prevented Heimdal authentication from working.
+
+Sudo 1.6.8p8 released.
+
+565) Updated config.guess and config.sub entries for OpenBSD.
+
+566) A sudoers entry with sudo ALL no longer overwrites the value of
+ safe_cmnd.
+
+Sudo 1.6.8p9 released.
+
+567) Added PS4 and SHELLOPTS to the list of variables to remove from
+ the environment.
+
+Sudo 1.6.8p10 released.
+
+567) Added JAVA_TOOL_OPTIONS to the list of variables to remove from
+ the environment.
+
+Sudo 1.6.8p11 released.
+
+567) Added PERLLIB, PERL5LIB and PERL5OPT to the list of variables to
+ remove from the environment.
+
+Sudo 1.6.8p12 released.
+
+568) Fixed a file descriptor leak when the lecture file option is enabled.
+
+569) Added to the list of variables to remove from the environment.
+
+570) Fixed a Kerberos V security issue that could allow a
+ user to authenticate using a fake KDC.
+
+571) Pulled in updated configure and libtool from sudo 1.7.
+
+572) PAM is now the default on systems where it is supported.
+
+573) Removed POSIX saved uid use; the stay_setuid option now
+ requires the setreuid() or setresuid() functions to work.
+
+574) Regenerated configure with up to date autoconf and libtool.
+
+575) Fixed fd leak when lecture file option is enabled.
+
+576) Removed used of POSIX saved uids. The stay_setuid
+ option now requires setreuid() or setresuid().
+
+577) PAM fixes. If the user enters ^C at the password prompt,
+ abort instead of trying to authenticate with an empty password
+ (which causes an annoying delay). Also Call pam_open_session()
+ and pam_close_session() to give pam_limits a chance to run.
+
+578) Security fix for Kerberos5. If we cannot get a valid service
+ key using the default keytab it is a fatal error. Now uses
+ krb5_verify_user() and krb5_init_secure_context() if they
+ are available.
+
+579) Fixed securid5 authentication.
+
+580) Added fcntl F_CLOSEM support to closefrom().
+
+581) Added NOEXEC support for AIX 5.3.
+
+582) Sudo now uses the supplemental group vector for matching.
+ This fixes problems with split group lines in /etc/group
+ as well as multiple group sources in nsswitch.conf.
+
+583) Added more environment variables to remove by default.
+
+584) Mail from sudo now includes an Auto-Submitted: auto-generated
+ header ala rfc 3834.
+
+585) Reworked the environment handling code.
+
+586) Remove the --with-execv option, it was not useful.
+
+587) Use TCSADRAIN instead of TCSAFLUSH in tgetpass() since
+ some OSes have issues with TCSAFLUSH.
+
+588) Use glob(3) instead of fnmatch(3) for matching pathnames
+ and stat() each result that matches the basename of the user's
+ command. This makes "cd /usr/bin ; sudo ./blah" work when
+ sudoers allows /usr/bin/blah.
+
+589) Reworked the syslog long line splitting code based on changes
+ from Eygene Ryabinkin.
+
+590) Sudo can now with deal more than 32 network interfaces on
+ Solaris.
+
+591) Visudo will now honor command line arguments in the EDITOR or
+ VISUAL environment variables if env_editor is enabled.
+
+592) LDAP now honors rootbinddn, timelimit and bind_timelimit in
+ /etc/ldap.conf.
+
+593) For LDAP, do a sub tree search instead of a base search (one
+ level in the tree only) for sudo right objects. This allows
+ system administrators to categorize the rights in a tree to
+ make them easier to manage.
+
+594) The env_reset option is now enabled by default. Commands run
+ through sudo now receive a minimal environment with certain
+ variables passed through and/or checked. The list of variables
+ allowed is configurable via the env_keep and env_check options
+ in sudoers.
+
+595) Added support for Solaris 10 resource control limits using
+ the "project" interface.
+
+596) Moved LDAP schema data into separate files.
+
+597) Sudo no longer assumes that gr_mem in struct group is non-NULL.
+
+598) Added support for setting environment variables on the command
+ line if the command has the SETENV attribute set in sudoers.
+
+599) Added a -E flag to preserve the environment if the SETENV attribute
+ has been set.
+
+600) The sudoers2ldif script now parses Runas users.
+
+601) The -- flag now behaves as documented.
+
+602) sudo -k/-K no longer cares if the timestamp is in the future.
+
+603) When searching for the command, sudo now uses the effective gid
+ of the runas user.
+
+604) Sudo no longer updates the timestamp if not validated by sudoers.
+
+605) Now rebuild environment regardless of how sudo was invoked.
+
+606) More accurate usage() when called as sudoedit.
+
+607) Command line environment variables are now treated like
+ normal environment variables unless the SETENV tag is set.
+
+608) Better explanation of environment handling in the sudo man page.
+
+Sudo 1.6.9 released.
+
+609) Worked around a bug ins some PAM implementations that caused a crash
+ when no tty was present.
+
+610) Fixed a crash on some platforms in the error logging function.
+
+611) Documentation improvements.
+
+Sudo 1.6.9p1 released.
+
+612) Fixed updating of the saved environment when the environ pointer
+ gets changed out from underneath us.
+
+Sudo 1.6.9p2 released.
+
+613) Fixed a bug related to supplemental group matching introduced
+ in 1.6.9.
+
+Sudo 1.6.9p3 released.
+
+614) Added IPv6 support from YOSHIFUJI Hideaki.
+
+615) Fixed sudo_noexec installation path.
+
+616) Fixed a K&R compilation error.
+
+Sudo 1.6.9p4 released.
+
+617) Fixed a bug in the IP address matching introduced by the IPV6 merge.
+
+618) For "visudo -f file" we now use the permissions of the original file
+ and not the hard-coded sudoers owner/group/mode. This makes
+ it possible to use visudo with a revision control system.
+
+619) Fixed sudoedit when used on a non-existent file.
+
+620) Regenerated configure using autoconf 2.6.1 and libtool 1.5.24.
+
+621) Groups and netgroups are now valid in an LDAP sudoRunas statement.
+
+Sudo 1.6.9p5 released.
+
+622) Worked around bugs in the session support of some PAM implementations.
+ The full tty path is now passed to PAM as well.
+
+623) Sudo now only prints the password prompt if the process is in the
+ foreground.
+
+624) inttypes.h is now included when appropriate if it is present.
+
+625) Simplified alias allocation in the parser.
+
+Sudo 1.6.9p6 released.
+
+626) Go back to using TCSAFLUSH instead of TCSADRAIN when turning
+ off echo in tgetpass().
+
+627) Fixed addition of -lutil for logincap on FreeBSD and NetBSD.
+
+628) Add configure check for struct in6_addr since some systems define
+ AF_INET6 but have no real IPv6 support.
+
+Sudo 1.6.9p7 released.
+
+629) Fixed a bug where a sudoers entry with no runas user specified
+ was treated differently from a line with the default runas
+ user specified.
+
+Sudo 1.6.9p8 released.
+
+630) The ALL command in sudoers now implies SETENV permissions.
+
+631) The command search is now performed using the target user's
+ auxiliary group vector too.
+
+632) When determining if the PAM prompt is the default "Password: ",
+ compare the localized version if possible.
+
+633) Added passprompt_override flag to sudoers to cause sudo's prompt
+ to be used in all cases. Also set when the -p flag is used.
+
+Sudo 1.6.9p9 released.
+
+634) Moved LDAP options into a table for simplified parsing/setting.
+
+635) Fixed a problem with how some LDAP options were being applied.
+
+636) Added support for connecting directly to LDAP servers via SSL
+ in addition to the existing start_tls support.
+
+Sudo 1.6.9p10 released.
+
+637) Fixed a compilation problem on SCO related to how they
+ store the high resolution timestamps in struct stat.
+
+638) Avoid checking the passwd file group multiple times
+ in the LDAP query when the user's passwd group is also
+ listed in the supplemental group vector.
+
+639) The URI specifier can now be used in ldap.conf even when
+ the LDAP SDK doesn't support ldap_initialize().
+
+640) New %p prompt escape that expands to the user whose password
+ is being prompted, as specified by the rootpw, targetpw and
+ runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.
+
+Sudo 1.6.9p11 released.
+
+641) Added a configure check for the ber_set_option() function.
+
+642) Fixed a compilation problem with the HP-UX K&R C compiler.
+
+643) Revamped the Kerberos 5 ticket verification code.
+
+644) Added support for the checkpeer ldap.conf variable for
+ netscape-based LDAP SDKs.
+
+645) Fixed a problem where an incomplete password could be echoed
+ to the screen if there was a read timeout.
+
+Sudo 1.6.9p12 released.
projects / debian / sudo / blobdiff