Sudo 1.9.10

NEWS

@@ -1,3 +1,61 @@
+What's new in Sudo 1.9.10
+
+ * Added new "log_passwords" and "passprompt_regex" sudoers options.
+   If "log_passwords" is disabled, sudo will attempt to prevent passwords
+   from being logged.  If sudo detects any of the regular expressions in
+   the "passprompt_regex" list in the terminal output, sudo will log '*'
+   characters instead of the terminal input until a newline or carriage
+   return is found in the input or an output character is received.
+
+ * Fixed a bug in "cvtsudoers" when merging multiple sudoers files
+   with an associated host name when they contain conflicting
+   Defaults entries.
+
+ * In sudo_logsrvd, fixed parsing of "retry_interval" in the [relay]
+   section.  Previously, attempting to set "retry_interval" would
+   result in a parse error.
+
+ * Added a new "noninteractive_auth" sudoers option to control
+   whether PAM authentication is attempted in non-interactive mode.
+   If "noninteractive_auth" is set, authentication methods that do
+   not require input from the user's terminal may proceed.  This
+   option is off by default, which restores the pre-1.9.9 behavior
+   of "sudo -n".  GitHub issue #131.
+
+ * Added a fallback method when determining the terminal name on
+   systems with /proc when /proc/self/stat or /proc/pid/psinfo is
+   missing or invalid.  If the /proc file indicates no terminal is
+   present, there is no fallback.  Bug #1020
+
+ * Fixed compilation on Debian kFreeBSD.  Bug #1021.
+
+ * Fixed a crash in sudo_logsrvd when running in relay mode if
+   an alert message is received.
+
+ * Sudo no longer returns an error if the SSSD back-end is unable
+   to contact to the SSSD sudo connector.  This can happen when
+   nsswitch.conf lists "sss" as a sudoers source but SSSD is not
+   configured for sudo.  Previously, a useless "problem with defaults
+   entries" message would be sent to root when the SSSD back-end
+   attempted to fetch the global defaults. Bug #1022.
+
+ * Removed the text "This incident will be reported." from warnings
+   when the invoking user is not listed in sudoers.  This warning
+   is confusing to users and may not be accurate now that the email
+   settings are configurable in the sudoers file.  GitHub issue #48.
+
+ * Fixed a bug where the user-specified command timeout was not
+   being honored if the sudoers rule did not also specify a timeout.
+
+ * Added support for matching commands and arguments in sudoers
+   using POSIX extended regular expressions.  Either the command,
+   the arguments, or both may be (separate) regular expressions.
+   Regular expressions for commands and arguments must start with
+   a '^' character and end with a '$'.  This makes it possible for
+   the sudoers parser to tell what is, or is not, a regular expression.
+   It also means that partial matches are not possible unless the
+   pattern explicitly allows it.  Bug #578, GitHub issue #15.
+
 What's new in Sudo 1.9.9
 
  * Sudo can now be built with OpenSSL 3.0 without generating warnings

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for sudo 1.9.9.
+# Generated by GNU Autoconf 2.71 for sudo 1.9.10.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -621,8 +621,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.9'
-PACKAGE_STRING='sudo 1.9.9'
+PACKAGE_VERSION='1.9.10'
+PACKAGE_STRING='sudo 1.9.10'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1636,7 +1636,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.9.9 to adapt to many kinds of systems.
+\`configure' configures sudo 1.9.10 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1702,7 +1702,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.9:";;
+     short | recursive ) echo "Configuration of sudo 1.9.10:";;
    esac
   cat <<\_ACEOF
 
@@ -1991,7 +1991,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.9
+sudo configure 1.9.10
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -2648,7 +2648,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.9, which was
+It was created by sudo $as_me 1.9.10, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -32759,7 +32759,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.9, which was
+This file was extended by sudo $as_me 1.9.10, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -32827,7 +32827,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-sudo config.status 1.9.9
+sudo config.status 1.9.10
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.70])
-AC_INIT([sudo], [1.9.9], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.10], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 AC_CONFIG_AUX_DIR([scripts])