diff --git a/NEWS b/NEWS index 10744d326..fd3c83028 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,49 @@ +What's new in Sudo 1.9.12 + + * Fixed a bug in the ptrace-based intercept mode where the current + working directory could include garbage at the end. + + * Fixed a compilation error on systems that lack the stdint.h + header. Bug #1035 + + * Fixed a bug when logging the command's exit status in intercept + mode. The wrong command could be logged with the exit status. + + * For ptrace-based intercept mode, sudo will now attempt to + verify that the command path name, arguments and environment + have not changed from the time when they were authorized by the + security policy. The new "intercept_verify" sudoers setting can + be used to control this behavior. + + * Fixed running commands with a relative path (e.g. ./foo) in + intercept mode. Previously, this would fail if sudo's current + working directory was different from that of the command. + + * Sudo now supports passing the execve(2) system call the NULL + pointer for the `argv` and/or `envp` arguments when in intercept + mode. Linux treats a NULL pointer like an empty array. + + * The sudoers LDAP schema now allows sudoUser, sudoRunasUser and + sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII. + + * Fixed a problem with "sudo -i" on SELinux when the target user's + home directory is not searchable by sudo. GitHub issue #160. + + * Neovim has been added to the list of visudo editors that support + passing the line number on the command line. + + * Fixed a bug in the SHA384/512 message digest padding. + + * Added a new "-N" (--no-update) command line option to sudo which + can be used to prevent sudo from updating the user's cached + credentials. It is now possible to determine whether or not a + user's cached credentials are currently valid by running: + + $ sudo -Nnv + + and checking the exit value. One use case for this is to indicate + in a shell prompt that sudo is "active" for the user. + What's new in Sudo 1.9.11p3 * Fixed "connection reset" errors on AIX when running shell scripts diff --git a/configure b/configure index cd658a2ae..276f7affd 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.11p3. +# Generated by GNU Autoconf 2.71 for sudo 1.9.12. # # Report bugs to . # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.11p3' -PACKAGE_STRING='sudo 1.9.11p3' +PACKAGE_VERSION='1.9.12' +PACKAGE_STRING='sudo 1.9.12' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1640,7 +1640,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.11p3 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1706,7 +1706,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.11p3:";; + short | recursive ) echo "Configuration of sudo 1.9.12:";; esac cat <<\_ACEOF @@ -1996,7 +1996,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.11p3 +sudo configure 1.9.12 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2653,7 +2653,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.11p3, which was +It was created by sudo $as_me 1.9.12, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -33050,7 +33050,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.11p3, which was +This file was extended by sudo $as_me 1.9.12, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -33118,7 +33118,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.11p3 +sudo config.status 1.9.12 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 676166bf5..1a67cea99 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.11p3], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.12], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts])