diff --git a/NEWS b/NEWS
index 9ca4af00a..e9ccd9096 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,69 @@
+What's new in Sudo 1.9.17
+
+ * Sudo now uses the NODEV macro consistently. Bug #1074.
+
+ * Fixed a bug where the "ALL" command in a sudoers rule would
+ override a previous NOSETENV tag. Command tags are inherited
+ from previous Cmnds in a Cmnd_Spec_List. There is a special
+ case for the SETENV tag with the "ALL" command, where SETENV is
+ implied if no explicit SETENV or NOSETENV tag is specified. This
+ special case did not take into account that a NOSETENV tag that
+ was inherited should override this behavior.
+
+ * If sudo is run via ssh without a terminal and a password is
+ required, it now suggest using ssh's "-t" option.
+
+ * Fixed the display of timeout values in the "sudo -V" output
+ on systems without a C99-compliant snprintf() function.
+
+ * Quieted a number of Coverity minor warnings.
+
+ * Fixed a problem running sudo from a serial console on Linux when
+ the command is run in a pseudo-terminal (the default).
+
+ * Fixed a crash in sudo which could occur if there was a fatal
+ error after the user was validated but before the command was
+ actually run.
+
+ * Fixed a number of man page style warnings. The "lint" make target
+ in the docs directory will now run groff with warnings enabled
+ if it is available. Bug #1075.
+
+ * The "ignore_dot" sudoers setting is now on by default. There
+ is now a "--disable-ignore-dot" configure option to disable it.
+ The "--with-ignore-dot" configure option has been deprecated.
+
+ * Fixed a problem with the "pwfeedback" option where an initial
+ backspace would reduce the maximum length allowed for the password.
+ GitHub issue #439.
+
+ * Fixed minor grammar and spelling problems in the man pages.
+
+ * Fixed a bug where a user could avoid entering a password for
+ "sudo -l command" if they specified their own user or group name
+ via the "-u" or "-g" options.
+ + * Avoid potential password guessing based on timing attacks on + the strcmp() function on systems without PAM or a crypt() function + where plaintext passwords are stored in the shadow password file. + + * Fixed a potential information leak where "sudo -l command" could + be used to determine whether an executable exists in a directory + that they do not have search access to. + + * Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once + again. A long time ago sudo changed from using TCSAFLUSH to + TCSADRAIN due to some systems having bugs related to TCSAFLUSH. + That should no longer be a concern. Using TCSAFLUSH ensures + that password input that has been received by the kernel, but + not yet read by sudo, will be discarded and not echoed. + + * Added the SUDO_TTY environment variable if the user has a terminal. + This can be used to find the user's original tty device when sudo + runs the command in its own pseudo-terminal. GitHub issue #447. + + * New Cantonese translation for sudo. + What's new in Sudo 1.9.16p2 * Sudo now passes the terminal device number to the policy plugin @@ -2285,7 +2351,7 @@ What's new in Sudo 1.8.22 of the session leader. When the "timestamp_type" option is set to "ppid" or when no terminal is available, the start time of the parent process is used instead. This significantly reduces - the likelihood of a time stamp record being re-used when a user + the likelihood of a time stamp record being reused when a user logs out and back in again. Bug #818. * The sudoers time stamp file format is now documented in the new diff --git a/configure b/configure index f0a9fd0cb..d0b680fdb 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for sudo 1.9.16p2. +# Generated by GNU Autoconf 2.72 for sudo 1.9.17. # # Report bugs to . # 
@@ -614,8 +614,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.16p2' -PACKAGE_STRING='sudo 1.9.16p2' +PACKAGE_VERSION='1.9.17' +PACKAGE_STRING='sudo 1.9.17' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures sudo 1.9.16p2 to adapt to many kinds of systems. +'configure' configures sudo 1.9.17 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1717,7 +1717,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.16p2:";; + short | recursive ) echo "Configuration of sudo 1.9.17:";; esac cat <<\_ACEOF @@ -2013,7 +2013,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.16p2 +sudo configure 1.9.17 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2833,7 +2833,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.16p2, which was +It was created by sudo $as_me 1.9.17, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -37071,7 +37071,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.16p2, which was +This file was extended by sudo $as_me 1.9.17, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -37139,7 +37139,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.16p2 +sudo config.status 1.9.17 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index dee452439..7180a175f 100644 --- a/configure.ac +++ b/configure.ac @@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.69]) -AC_INIT([sudo], [1.9.16p2], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.17], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts])