X-Git-Url: https://git.gag.com/?a=blobdiff_plain;f=NEWS;h=16842e788dd40dba874601ee9f5343a8ee9e7518;hb=ca5f7615983706c51b50ac5a8bfc4e123263df0e;hp=abcbcc9ea1b8e19525711a2fdebb48833777c8a1;hpb=db542536bfb942d0168310cac588babc62657621;p=debian%2Fsudo diff --git a/NEWS b/NEWS index abcbcc9..16842e7 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,176 @@ +What's new in Sudo 1.8.4p4? + + * Fixed a bug introduced in Sudo 1.8.4 which prevented "sudo -v" + from working. + +What's new in Sudo 1.8.4p3? + + * Fixed a crash on FreeBSD when no tty is present. + + * Fixed a bug introduced in Sudo 1.8.4 that allowed users to + specify environment variables to set on the command line without + having sudo "ALL" permissions or the "SETENV" tag. + + * When visudo is run with the -c (check) option, the sudoers + file(s) owner and mode are now also checked unless the -f option + was specified. + +What's new in Sudo 1.8.4p2? + + * Fixed a bug introduced in Sudo 1.8.4 where insufficient space + was allocated for group IDs in the LDAP filter. + + * Fixed a bug introduced in Sudo 1.8.4 where the path to sudo.conf + was "/sudo.conf" instead of "/etc/sudo.conf". + + * Fixed a bug introduced in Sudo 1.8.4 which could cause a hang + when I/O logging is enabled and input is from a pipe or file. + +What's new in Sudo 1.8.4p1? + + * Fixed a bug introduced in sudo 1.8.4 that broke adding to or + deleting from the env_keep, env_check and env_delete lists in + sudoers on some platforms. + +What's new in Sudo 1.8.4? + + * The -D flag in sudo has been replaced with a more general debugging + framework that is configured in sudo.conf. + + * Fixed a false positive in visudo strict mode when aliases are + in use. + + * Fixed a crash with "sudo -i" when a runas group was specified + without a runas user. + + * The line on which a syntax error is reported in the sudoers file + is now more accurate. Previously it was often off by a line. + + * Fixed a bug where stack garbage could be printed at the end of + the lecture when the "lecture_file" option was enabled. + + * "make install" now honors the LINGUAS environment variable. + + * The #include and #includedir directives in sudoers now support + relative paths. If the path is not fully qualified it is expected + to be located in the same directory of the sudoers file that is + including it. + + * Serbian and Spanish translations for sudo from translationproject.org. + + * LDAP-based sudoers may now access by group ID in addition to + group name. + + * visudo will now fix the mode on the sudoers file even if no changes + are made unless the -f option is specified. + + * The "use_loginclass" sudoers option works properly again. + + * On systems that use login.conf, "sudo -i" now sets environment + variables based on login.conf. + + * For LDAP-based sudoers, values in the search expression are now + escaped as per RFC 4515. + + * The plugin close function is now properly called when a login + session is killed (as opposed to the actual command being killed). + This can happen when an ssh session is disconnected or the + terminal window is closed. + + * The deprecated "noexec_file" sudoers option is no longer supported. + + * Fixed a race condition when I/O logging is not enabled that could + result in tty-generated signals (e.g. control-C) being received + by the command twice. + + * If none of the standard input, output or error are connected to + a tty device, sudo will now check its parent's standard input, + output or error for the tty name on systems with /proc and BSD + systems that support the KERN_PROC_PID sysctl. This allows + tty-based tickets to work properly even when, e.g. standard + input, output and error are redirected to /dev/null. + + * Added the --enable-kerb5-instance configure option to allow + people using Kerberos V authentication to specify a custom + instance so the principal name can be, e.g. "username/sudo" + similar to how ksu uses "username/root". + + * Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in + the results, which would be incorrectly be interpreted as if the + sudoers file had specified a directory. + + * "visudo -c" will now list any include files that were checked + in addition to the main sudoers file when everything parses OK. + + * Users that only have read-only access to the sudoers file may + now run "visudo -c". Previously, write permissions were required + even though no writing is down in check-only mode. + + * It is now possible to prevent the disabling of core dumps from + within sudo itself by adding a line to the sudo.conf file like + "Set disable_coredump false". + +What's new in Sudo 1.8.3p2? + + * Fixed a format string vulnerability when the sudo binary (or a + symbolic link to the sudo binary) contains printf format escapes + and the -D (debugging) flag is used. + +What's new in Sudo 1.8.3p1? + + * Fixed a crash in the monitor process on Solaris when NOPASSWD + was specified or when authentication was disabled. + + * Fixed matching of a Runas_Alias in the group section of a + Runas_Spec. + +What's new in Sudo 1.8.3? + + * Fixed expansion of strftime() escape sequences in the "log_dir" + sudoers setting. + + * Esperanto, Italian and Japanese translations from translationproject.org. + + * Sudo will now use PAM by default on AIX 6 and higher. + + * Added --enable-werror configure option for gcc's -Werror flag. + + * Visudo no longer assumes all editors support the +linenumber + command line argument. It now uses a whitelist of editors known + to support the option. + + * Fixed matching of network addresses when a netmask is specified + but the address is not the first one in the CIDR block. + + * The configure script now check whether or not errno.h declares + the errno variable. Previously, sudo would always declare errno + itself for older systems that don't declare it in errno.h. + + * The NOPASSWD tag is now honored for denied commands too, which + matches historic sudo behavior (prior to sudo 1.7.0). + + * Sudo now honors the "DEREF" setting in ldap.conf which controls + how alias dereferencing is done during an LDAP search. + + * A symbol conflict with the pam_ssh_agent_auth PAM module that + would cause a crash been resolved. + + * The inability to load a group provider plugin is no longer + a fatal error. + + * A potential crash in the utmp handling code has been fixed. + + * Two PAM session issues have been resolved. In previous versions + of sudo, the PAM session was opened as one user and closed as + another. Additionally, if no authentication was performed, the + PAM session would never be closed. + + * Sudo will now work correctly with LDAP-based sudoers using TLS + or SSL on Debian systems. + + * The LOGNAME, USER and USERNAME environment variables are preserved + correctly again in sudoedit mode. + What's new in Sudo 1.8.2? * Sudo, visudo, sudoreplay and the sudoers plug-in now have natural @@ -19,7 +192,7 @@ What's new in Sudo 1.8.2? * Visudo now checks the contents of an alias and warns about cycles when the alias is expanded. - * If the user specifes a group via sudo's -g option that matches + * If the user specifies a group via sudo's -g option that matches the target user's group in the password database, it is now allowed even if no groups are present in the Runas_Spec.