diff --git a/NEWS b/NEWS
index 8c890b2c8..d827c6744 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,61 @@
+What's new in Sudo 1.9.6
+
+ * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
+
+ * Fixed a regression introduced in sudo 1.9.4 where the
+ --disable-root-mailer configure option had no effect.
+
+ * Added a --disable-leaks configure option that avoids some
+ memory leaks on exit that would otherwise occur. This is intended
+ to be used with development tools that measure memory leaks. It
+ is not safe to be use in production at this time.
+
+ * Plugged some memory leaks identified by oss-fuzz and ASAN.
+
+ * Fixed the handling of sudoOptions for an LDAP sudoRole that
+ contains multiple sudoCommands. Previously, some of the options
+ would only be applied to the first sudoCommand.
+
+ * Fixed a potential out of bounds read in the parsing of NOTBEFORE
+ and NOTAFTER sudoers command options (and their LDAP equivalents).
+
+ * The parser used for reading I/O log JSON files is now more
+ resilient when processing invalid JSON.
+
+ * Fixed typos that prevented "make uninstall" from working.
+ GitHub issue #87.
+
+ * Fixed a regression introduced in sudo 1.9.4 where the last line
+ in a sudoers file might not have a terminating NUL character
+ added if no newline was present.
+
+ * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new
+ --enable-fuzzer configure option can be combined with the
+ --enable-sanitizer option to build sudo with fuzzing support.
+ Multiple fuzz targets are available for fuzzing different parts
+ of sudo. Fuzzers are built and tested via "make fuzz" or as part
+ of "make check" (even when sudo is not built with fuzzing support).
+ Fuzzing support currently requires the LLVM clang compiler (not gcc).
+
+ * Fixed the --enable-static-sudoers configure option.
+ GitHub issue #92.
+
+ * Fixed a potential out of bounds read sudo when is run by a user
+ with more groups than the value of "max_groups" in sudo.conf.
+ + * Added an "admin_flag" sudoers option to make the use of the + ~/.sudo_as_admin_successful file configurable on systems where + sudo is build with the --enable-admin-flag configure option. + This mostly affects Ubuntu and its derivatives. + + * The "max_groups" setting in sudo.conf is now limited to 1024. + This setting is obsolete and should no longer be needed. + + * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir" + sudoers command options. A path "~/foo" was expanded to + "/home/userfoo" instead of "/home/user/foo". This also affects + the runchroot and runcwd Defaults settings. + What's new in Sudo 1.9.5p2 * Fixed sudo's setprogname(3) emulation on systems that don't diff --git a/configure b/configure index 26a3c6c62..5adc17fa9 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.5p2. +# Generated by GNU Autoconf 2.71 for sudo 1.9.6. # # Report bugs to . # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.5p2' -PACKAGE_STRING='sudo 1.9.5p2' +PACKAGE_VERSION='1.9.6' +PACKAGE_STRING='sudo 1.9.6' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1614,7 +1614,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.5p2 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1680,7 +1680,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.5p2:";; + short | recursive ) echo "Configuration of sudo 1.9.6:";; esac cat <<\_ACEOF 
@@ -1962,7 +1962,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.5p2 +sudo configure 1.9.6 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2619,7 +2619,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.5p2, which was +It was created by sudo $as_me 1.9.6, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -30121,7 +30121,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.5p2, which was +This file was extended by sudo $as_me 1.9.6, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30189,7 +30189,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.5p2 +sudo config.status 1.9.6 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index be23c28a2..947abc187 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.9.5p2], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.6], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl